Senior Security & Compliance Manager

Job Title : Senior Security & Compliance Manager (Independent Contractor, Remote)

Company : US-based SaaS company

Location : Remote (Must work US hours, 6 AM – 2 PM Pacific Time or 9am - 5pm Eastern Time)

Compensation : $3,500–$4,500 / month USD

The Senior Security & Compliance Manager will oversee the full lifecycle of Company's information security operations, including SOC 2 (BDO) and ISO 27001 audits, penetration and vulnerability testing, RFP security responses, and policy management. This role requires hands-on experience with security frameworks, vendor risk management, and compliance documentation.

You’ll work closely with Company's Legal, IT, and Engineering teams to maintain a secure and audit-ready environment aligned with industry standards.

Key Responsibilities

Audit, Certification & Governance

Serve as internal lead for SOC 2, ISO AI, and ISO 27001 readiness, evidence collection, and auditor coordination.

Maintain and update Company's Statement of Applicability (SOA) and control library.

Manage security responses for client RFPs and due diligence questionnaires.

Security Operations

Oversee penetration testing and vulnerability testing (Tenable.io) cycles; track and validate remediation.

Maintain and enforce security-related policies, including access control, incident response, and DPA compliance.

Conduct monthly IT security plan reviews and update internal reports.

Manage change control, vendor security protocols, and breach notification procedures.

Risk & Asset Management

Conduct and document monthly risk assessments, including :

Review of Advanced Networks reports

Permission changes and audit logs

Data asset inventory

Hardware asset management and secure disposal tracking

Support vendor due diligence, reviewing risk scores, contracts, and compliance posture.

Documentation & Continuous Improvement

Maintain a comprehensive repository of policies, risk assessments, and testing results.

Recommend process or control improvements based on audit findings and security trends.

Support Legal with client and regulator data protection obligations (GDPR, CCPA, etc.).

Qualifications

5+ years in information security, risk, or compliance (ideally within SaaS or regulated industries).

Direct experience with SOC 2, ISO 27001, or similar control frameworks.

Working knowledge of Tenable.io, or equivalent vendor risk platforms.

Strong understanding of data protection, access control, and change management.

Excellent writing and analytical skills; able to draft RFP responses and security documentation clearly.

Certifications (preferred) : CISA, CISSP, CRISC, or ISO 27001 Lead Implementer.

Please note, this role reports to Company's Head of Legal.