iimjobs

Posted By

HR

HR at Careerfit.ai

Last Active: 05 December 2025

Job Views:  
118
Applications:  28
Recruiter Actions:  0

Posted in

IT & Systems

Job Code

1629780

Description:


Job Title: Senior Security & Compliance Manager (Independent Contractor, Remote).


Company: US-based SaaS company.

Location: Remote (must work US hours, 6 AM to 2 PM Pacific Time or 9 AM to 5 PM Eastern Time).

Compensation: $3,500 to $4,500/month USD.

The Senior Security & Compliance Manager will oversee the full lifecycle of Company's information security operations, including SOC 2 (BDO) and ISO 27001 audits, penetration and vulnerability testing, RFP security responses, and policy management.

This role requires hands-on experience with security frameworks, vendor risk management, and compliance documentation.

You'll work closely with Company's Legal, IT, and Engineering teams to maintain a secure and audit-ready environment aligned with industry standards.

Key Responsibilities:

Audit, Certification & Governance:


- Serve as internal lead for SOC 2, ISO AI, and ISO 27001 readiness, evidence collection, and auditor coordination.

- Maintain and update Company's Statement of Applicability (SOA) and control library.

- Manage security responses for client RFPs and due diligence questionnaires.

Security Operations:


- Oversee penetration testing and vulnerability testing (Tenable.io) cycles; track and validate remediation.

- Maintain and enforce security-related policies, including access control, incident response, and DPA compliance.

- Conduct monthly IT security plan reviews and update internal reports.

- Manage change control, vendor security protocols, and breach notification procedures.

Risk & Asset Management:


- Conduct and document monthly risk assessments, including:

  - Review of Advanced Networks reports.

  - Permission changes and audit logs.

  - Data asset inventory.

  - Hardware asset management and secure disposal tracking.

- Support vendor due diligence, reviewing risk scores, contracts, and compliance posture.

Documentation & Continuous Improvement:


- Maintain a comprehensive repository of policies, risk assessments, and testing results.

- Recommend process or control improvements based on audit findings and security trends.

- Support Legal with client and regulator data protection obligations (GDPR, CCPA, etc.).

Qualifications:


- 5+ years in information security, risk, or compliance (ideally within SaaS or regulated industries).

- Direct experience with SOC 2, ISO 27001, or similar control frameworks.

- Working knowledge of Tenable.io or an equivalent vulnerability management platform.

- Strong understanding of data protection, access control, and change management.

- Excellent writing and analytical skills; able to draft RFP responses and security documentation clearly.

- Certifications (preferred): CISA, CISSP, CRISC, or ISO 27001 Lead Implementer.

Please note, this role reports to Company's Head of Legal.

