Sr. Manager, Compliance, Governance & Assurance
Stellarus · California, United States · 1 wk ago
HybridInformation Technology$149k–$223k/yrFull-time
About the role
The Information Security team is seeking an experienced Senior Manager, Compliance, Governance & Assurance reporting to the Senior Director, Governance, Risk & Compliance (GRC).
Responsibilities
- Lead and mature the enterprise compliance program, ensuring ongoing alignment with regulatory, contractual, customer, and industry requirements.
- Own the organization's compliance and certification portfolio, including SOC 2, ISO 27001, HIPAA, HITRUST, and other applicable frameworks, driving audit readiness and successful certification outcomes.
- Develop and maintain compliance and governance roadmap aligned with organizational priorities, risk management objectives, and business growth.
- Establish and oversee governance processes, metrics, and reporting that provide leadership visibility into compliance posture, risks, and program effectiveness.
- Monitor evolving regulatory and industry requirements and translate them into actionable governance, policy, and control improvements.
- Establish and mature the enterprise policy governance lifecycle, including policy development, review, approval, communication, exception management, and periodic maintenance.
- Build and operationalize a risk-based internal assurance function to evaluate compliance with policies, standards, regulatory obligations, and control requirements.
- Define and execute assurance methodologies, testing programs, and monitoring activities to assess control effectiveness and identify opportunities for continuous improvement.
- Develop a small, stable set of compliance and assurance health indicators that can be reported regularly to leadership.
- Define reusable compliance and governance capabilities, including policy management processes, assurance testing frameworks, control assessment methodologies, and audit readiness programs.
- Partner with Internal Audit, Security, Privacy, Legal, Risk Management, and business leaders to coordinate audits, assessments, certifications, and customer due diligence activities.
- Lead remediation governance, ensuring findings, recommendations, and observations are appropriately prioritized, tracked, and resolved in a timely manner.
- Serve as a trusted advisor to leadership on compliance, governance, and assurance matters.
- Leverage automation and Artificial Intelligence capabilities to improve compliance monitoring, evidence management, assurance activities, and operational efficiency.
- Manage a team with focus on policy and strategy implementation.
- Foster a culture of continuous learning, psychological safety, and security advocacy across the broader organization.
Qualifications
- A minimum of 8 years of progressive experience in compliance, governance, risk management, audit, assurance, or related disciplines.
- Bachelor's degree or higher in Business, Information Systems, Cybersecurity, Risk Management, Accounting, Finance, Public Policy, or a related field.
- A minimum of 4 years of people leadership experience with direct responsibility for supervising, coaching, and developing team members.
- Proven experience managing compliance programs and certification frameworks including SOC 2, ISO 27001, HIPAA, HITRUST, and similar industry standards.
- Demonstrated experience leading audits, assessments, remediation programs, and control maturity initiatives.
- Experience building or significantly maturing compliance, governance, assurance, or policy management programs.
- Strong understanding of governance, risk, compliance, internal control, and audit frameworks.
- Exceptional communication and stakeholder management skills, including experience influencing senior leadership and partnering effectively across Security, Privacy, Legal, Risk Management, Internal Audit, and business functions.
- Demonstrated ability to influence cross-functional teams and drive organizational change in complex environments.
Leadership Competencies
- Ability to define and execute a strategic vision for compliance, governance, and assurance maturity.
- Skilled at leading through influence across security, legal, privacy, audit, technology, and business teams.
- Applies metrics, risk-based decision-making, and evidence-based reasoning to prioritize investments and remediation activities.
- Thrives in fast-paced and evolving environments while maintaining operational rigor and accountability.
- Passionate about building scalable programs, improving organizational effectiveness, and developing future leaders.
- Translates complex compliance and governance concepts into clear business language and builds trust with technical and non-technical stakeholders alike.