Principal Security and Compliance Manager
SearchStax
Summary
Join SearchStax as a Principal Security and Compliance Manager and lead our security and compliance initiatives. Reporting to the COO, you will ensure a strong security posture, achieve and maintain compliance certifications (SOC 2, ISO 27001, etc.), and adhere to regulatory frameworks (GDPR, HIPAA, FedRAMP). You will play a key role in scaling security and compliance programs to meet evolving business and customer needs. This involves managing compliance certifications, overseeing audits, developing security programs, conducting risk assessments, maintaining documentation, and collaborating with cross-functional teams. The ideal candidate possesses a Bachelor's degree, 4-6+ years of relevant experience, and strong understanding of security best practices and frameworks. SearchStax offers a competitive compensation and benefits package, including remote work options.
Requirements
- Bachelor's degree in Information Security, Business Administration, or a related field
- 4-6+ years of experience in security, compliance, or risk management, preferably in a SaaS or technology environment
- Hands-on experience with SOC 2, ISO 27001, and related compliance frameworks
- Strong understanding of security best practices and frameworks (e.g., NIST, CIS Controls)
- Knowledge of GDPR, CCPA, HIPAA, and/or FedRAMP
- Excellent organizational and project management skills with the ability to prioritize in a fast-paced environment
- Strong analytical, problem-solving, and communication skills
Responsibilities
- Lead and manage compliance certifications such as SOC 2, ISO 27001, and others required by customers and regulators
- Develop, implement, and enhance policies, procedures, and controls to align with compliance standards
- Oversee external audits and act as the primary point of contact for auditors and assessors
- Assemble and execute against a longer-term compliance plan, which will evolve and transform as the Company scales
- Develop and maintain an effective information security program to protect company and customer data
- Collaborate with Engineering and IT teams to ensure security best practices are implemented in product development, infrastructure, and operations
- Monitor security risks and vulnerabilities, and drive remediation efforts
- Conduct regular risk assessments to identify, evaluate, and mitigate risks
- Establish and maintain a governance, risk, and compliance (GRC) framework to track compliance and security activities
- Stay updated on regulatory changes and adjust programs to meet new requirements (e.g., GDPR, CCPA, HIPAA, FedRAMP)
- Maintain detailed records of security and compliance frameworks, policies, and audit evidence
- Provide regular updates to the COO and executive team on the state of security and compliance initiatives
- Prepare responses to customer security and compliance questionnaires
- Maintain and update SearchStax Policies in alignment with the leadership team and their updates to meet compliance requirements
- Work closely with Sales, Customer Success, and Legal teams to address customer compliance inquiries and ensure alignment with contractual obligations
- Partner with Product and Engineering teams to ensure security and compliance are built into product design and development
- Develop and deliver security and compliance training programs to employees
- Foster a culture of security awareness and accountability across the organization
Preferred Qualifications
- Security or compliance certifications such as CISA, CISM, CISSP, or CIPT
- Experience working in a growth-stage SaaS startup
- Familiarity with cloud platforms like AWS, Azure, or Google Cloud
- Experience with GRC tools and processes
Benefits
- Remote-First
- Competitive Compensation & Stock Options
- 401k Match
- Healthcare Benefits
- Paid Time Off
- Exciting Growth Opportunities
- Additional Benefits: Beyond base salaries, SearchStax employees enjoy a comprehensive benefits package, with potential for equity and performance-based bonuses