Security Compliance Manager

We are looking for a Compliance Manager who will report to the Senior Director of Information Security. You will be responsible for helping implement, maintain and expand its FedRAMP and GovRAMP Authorizations. Additional responsibilities include operating the Security Awareness Program; supporting SOC 2 and ISO 27001 compliance; supporting cyber insurance and contractual security requirements; supporting privacy compliance; providing support with second-party audits; and helping monitor and maintain acceptable levels of risk.

Responsibilities:

• Compliance Management: Implement and monitor regular compliance activities, ensure corrective actions are implemented in a timely manner, and work with cross-functional teams to maintain compliance with established controls.
• FedRAMP Documentation: Develop and maintain FedRAMP documentation and other documentation to facilitate and communicate compliance.
• Continuous Monitoring: Conduct weekly, monthly, quarterly, and annual FedRAMP continuous monitoring activities to maintain compliance and stakeholder satisfaction.
• Third Party Assessments: Coordinate and lead FedRAMP annual assessments and penetration tests, facilitating the assessments, and acting as the primary point of contact for auditors.
• Verification and Review: Coordinate annual verification activities such as external assessments, business continuity testing, and business impact analysis to validate key controls and identify deficiencies.
• Security Awareness: Operate the security awareness apparatus including course design, phishing simulations, reporting and business support.
• FedRAMP Roster: Take part in the FedRAMP on-call support roster – being available to respond to rare but possible critical security alerts.
• Tactical Projects: Oversee tactical projects to mitigate risk, enhance compliance, facilitate business operations, or enhance efficiency.

Qualifications

1. Bachelor's degree in information security and three to five years of experience, or equivalent work experience of four to six years.

2. Familiarity with common security standards. Preferably NIST SP 800-53b, or others such as ISO 27001, or AICPA SOC 2.

3. Experience working in or with a security or privacy compliance function.

4. Keen proponent of formal business process, with a bias towards automation.

5. Analytical and problem-solving skills, with the ability to prioritize and handle multiple tasks in a fast-paced environment.

6. Good communication and interpersonal skills, with the desire to work collaboratively.

7. Attention to detail and a proactive approach to identifying and mitigating risk.

Desired, but not required

1. Experience building modern SaaS applications
2. Interest or prior experience within information security and data privacy
3. Security certifications and/or formal education
4. Understanding of web accessibility

Application Process

If you are hardworking and are looking for an opportunity to be a part of the InfoSec department at a growing SaaS a11y company, we encourage you to apply for this role! This is a full-time salaried position with a competitive benefits package, including bonus opportunities and unlimited vacation/FTO. Salary is commensurate with experience. Please submit your cover letter and resume for immediate consideration!

Level Access is committed to workforce diversity. Equal Opportunity Employer. Copyright 2025, Level Access. All rights reserved.

Originally posted on Himalayas