Compliance Program Manager

Legal Greater Boston, Massachusetts


Reporting to the Chief Information Security Officer, the Compliance Program Manager is an important member of the information security team responsible for risk management and compliance initiatives. This individual must be able to lead multiple projects simultaneously and effectively manage critical relationships with key stakeholders, external auditors and customers.

The Compliance Program Manager will coordinate and lead important security assessments and compliance audits, and will design, implement and help reinforce information security policies and procedures. S/he/they will be involved in other information security efforts as the business requires.


  • Program manage compliance initiatives, including ISO 27001, SOC2 and NIST 800-53
  • Work with external auditors and internal stakeholders to achieve compliance within agreed timeframes
  • Evaluate effectiveness of and propose improvements to controls and documentation
  • Develop and update information security policies and procedures and assist with the exceptions process
  • Conduct information security assessments of third-party vendors
  • Manage responses to customer security questionnaires
  • Help drive security awareness
  • Work to constantly improve our compliance status and overall security posture
  • Perform other responsibilities as assigned


  • Minimum five years of in-depth experience in one or more information security domains, with a minimum of three years of direct experience leading security compliance audits and initiatives with emphasis on ISO 27001, SOC2 and NIST 800-53. Should have been involved in seeing at least one program initiative through from start to finish
  • Bachelor’s degree in Computer Science or Information Security or equivalent experience
  • Current Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) preferred
  • Self-starter who is able to successfully lead complex compliance programs and deliver on tight deadlines
  • Excellent written/verbal communication and interpersonal skills
  • An outstanding record of security project management success, including establishing schedules, tracking progress, and mitigating risk
  • Ability to work independently with minimal oversight