Compliance Manager

Job Description Key Responsibilities- Compliance & Program Management - Lead the full lifecycle of compliance programs from scoping and gap assessments to remediation, controls implementation, audit prep, and certification. - Maintain and continually improve the Information Security Management System (ISMS) as per ISO standards. - Oversee the SOC 2 program: manage readiness assessments, control design, evidence gathering, auditor liaison, and remediation. - Map controls across frameworks (ISO, SOC, others) to drive efficiencies and avoid duplication. - Monitor emerging standards, regulatory changes, and industry best practices; evaluate relevance and lead adoption when needed. Audit & Assurance - Plan, coordinate, and lead internal audits of security controls, policies, and processes. - Interface with external auditors, respond to audit inquiries, facilitate walkthroughs, and drive closure of findings. - Conduct regular review of control effectiveness, risk assessments, and control self-assessments. - Prepare and deliver audit readiness documentation, reports, dashboards, and metrics to leadership. Risk, Controls & Remediation - Perform regular risk assessments, including IT, process, and vendor risks, and propose mitigations. - Track and manage the remediation of identified gaps (from audits or assessments), ensuring timely closure. - Oversee thirdparty / vendor security assessments (questionnaires, audits, due diligence), ensure vendor controls align with TAC's security posture. - Assist with defining, enforcing, and measuring key security metrics, KPIs, KRIs, SLAs, pass/fail criteria, etc. Policy & Process - Develop, maintain, and communicate security and compliance policies, standards, procedures, and guidelines. - Collaborate with stakeholders (Engineering, DevOps, IT, HR, Legal) to ensure alignment and adoption of control requirements. - Drive security awareness and training programs tied to compliance responsibilities. - Help embed security by design principles in development, operations, and architecture. Supporting Functions - Respond to customer / prospect security questionnaires, RFPs, diligence requests, and security audits. - Participate in vendor selection / procurement decisions from a security compliance perspective. - Assist in incident response related to compliance gaps or control failures (e.g., root cause analysis, postmortem, corrective actions). - Provide advisory support in projects, changes, new initiatives assess compliance impact proactively. Qualifications & Experience- Education / Certifications - Bachelor's degree in Computer Science, Information Security, Engineering, or a related field (or equivalent experience). - Professional security / audit certifications preferred, e.g.: - ISO 27001 Lead Auditor or Lead Implementer - CISSP, CISM, CISA, CRISC or equivalent Experience - Typically 5+ years in information security, risk, or compliance roles with hands-on experience in ISO compliance and audits. - Proven track record managing SOC 2 (Type I / Type II) compliance programs (at least 1 full audit cycle). - Experience working with external auditors and managing audit processes end to end. - Familiarity with cloud environments (AWS, Azure, GCP), SaaS, DevOps, and how they relate to security and compliance. - Experience with vendor / third-party risk assessments. - Strong stakeholder management skills and ability to influence across technical and non-technical teams. Skills & Competencies - Deep understanding of ISO (27001, 27701 or relevant) and SOC 2 frameworks, trust service criteria, control requirements, etc. - Excellent analytical skills ability to identify gaps, risks, and propose effective remediation. - Strong documentation skills policies, procedures, evidence, audit artifacts. - Excellent communication (verbal & written) ability to present to executives, technical teams, and auditors. - Project management skills ability to juggle multiple assurance initiatives, set timelines, and drive closure. - High ownership, integrity, attention to detail, and ability to work independently or as part of cross-functional teams.