Job Type: Full-Time Contract
Contract Length: Long-Term Contract
Pay Range: $40–70/hr
Start Date: ASAP
Location: Remote (US-based preferred, Bay Area a plus)
About the Opportunity:
Our client, a leader in next-generation AI products for enterprise buyers, is looking for a skilled Security Compliance Manager to join their team for a Long-Term Contract engagement. This project involves becoming the dedicated single-threaded owner of all security compliance operations. Since our customers require a rigorous security posture as a condition of procurement, this is a high-impact role that requires a senior individual contributor who can credibly represent the company on compliance and AI governance calls, manage external agencies, and deliver rapid results.
Key Responsibilities & Deliverables:
This role is focused on the successful completion of specific tasks and deliverables. Your responsibilities will include:
- Compliance Program Ownership: Drive the annual SOC 2 Type II audit cycle end-to-end (prep, evidence collection, gap remediation, and execution). Ensure security policies and control documentation stay current by working with the outsourced security agency.
- Vendor & Platform Management: Serve as the primary project manager for the outsourced security agency. Set priorities, track milestones, and hold the agency accountable to SLAs, coordinating remediation work between the agency, internal engineering, and leadership. Manage the compliance automation platform (e.g., Worksheet) to ensure evidence is current and controls are monitored.
- Customer Security Reviews & Sales Enablement: Own inbound customer security questionnaires, RFPs, and vendor risk assessments, targeting a turnaround time of under five business days. Join customer procurement and security review calls with Account Executives (AEs) to speak to security controls, data handling, and compliance posture in real time.
- AI Governance & Emerging Compliance: Represent the company on customer AI governance committees and responsible AI reviews. Advise on the applicability of emerging AI compliance frameworks (such as NIST AI RMF, ISO 42001, and the EU AI Act) and support enterprise deal cycles where AI safety is a procurement gate.
- Penetration Testing Coordination: Manage the annual pen test cycle from vendor scheduling and scoping through remediation tracking. Triage critical/high findings and chase engineering teams to ensure fixes are validated within SLA.
We are looking for someone with a proven track record of successful contract engagements. The ideal candidate will have:
- 4–7 years of experience in security compliance, GRC, or information security operations at a B2B SaaS or technology company.
- Experience coordinating a SOC 2 Type II program through at least two audit cycles.
- Direct experience completing customer security questionnaires at volume (30+/year).
- Customer-Facing Confidence: Ability to answer pointed questions from a prospect’s security team without reading from a script.
- Familiarity with compliance automation platforms (Vanta, Drata, Worksheet, Secureframe, or similar).
- Working knowledge of cloud security concepts (AWS or GCP), SSO/identity management, encryption, and access controls.
- Strongly Preferred: Experience at an AI/ML company or familiarity with AI-specific security topics (e.g., prompt injection, model safety, responsible AI).
- Strongly Preferred: Prior startup or growth-stage experience where you operated with minimal oversight.