Job Description
Description:
Compliance & Program Management
- Lead the full lifecycle of compliance programs from scoping and gap assessments to remediation, controls implementation, audit prep, and certification.
- Maintain and continually improve the Information Security Management System (ISMS) as per ISO standards.
- Oversee the SOC 2 program: manage readiness assessments, control design, evidence gathering, auditor liaison, and remediation.
- Map controls across frameworks (ISO, SOC, others) to drive efficiencies and avoid duplication.
- Monitor emerging standards, regulatory changes, and industry best practices; evaluate relevance and lead adoption when needed.
Audit & Assurance
- Plan, coordinate, and lead internal audits of security controls, policies, and processes.
- Interface with external auditors, respond to audit inquiries, facilitate walkthroughs, and drive closure of findings.
- Conduct regular reviews of control effectiveness, risk assessments, and control self-assessments.
- Prepare and deliver audit readiness documentation, reports, dashboards, and metrics to leadership.
Risk, Controls & Remediation
- Perform regular risk assessments, including IT, process, and vendor risks, and propose mitigations.
- Track and manage the remediation of identified gaps (from audits or assessments), ensuring timely closure.
- Oversee third-party / vendor security assessments (questionnaires, audits, due diligence) and ensure vendor controls align with TAC's security posture.
- Assist with defining, enforcing, and measuring key security metrics, KPIs, KRIs, SLAs, pass/fail criteria, etc.
Policy & Process
- Develop, maintain, and communicate security and compliance policies, standards, procedures, and guidelines.
- Collaborate with stakeholders (Engineering, DevOps, IT, HR, Legal) to ensure alignment and adoption of control requirements.
- Drive security awareness and training programs tied to compliance responsibilities.
- Help embed security-by-design principles in development, operations, and architecture.
Supporting Functions
- Respond to customer / prospect security questionnaires, RFPs, diligence requests, and security audits.
- Participate in vendor selection / procurement decisions from a security compliance perspective.
- Assist in incident response related to compliance gaps or control failures (e.g., root cause analysis, postmortem, corrective actions).
- Provide advisory support in projects, changes, and new initiatives; assess compliance impact proactively.
Qualifications & Experience:
Education / Certifications:
- Bachelor's degree in Computer Science, Information Security, Engineering, or a related field (or equivalent experience).
- Professional security / audit certifications preferred, e.g., ISO 27001 Lead Auditor or Lead Implementer; CISSP, CISM, CISA, CRISC or equivalent.
Experience:
- Typically 5+ years in information security, risk, or compliance roles with hands-on experience in ISO compliance and audits.
- Proven track record managing SOC 2 (Type I / Type II) compliance programs (at least 1 full audit cycle).
- Experience working with external auditors and managing audit processes end to end.
- Familiarity with cloud environments (AWS, Azure, GCP), SaaS, DevOps, and how they relate to security and compliance.
- Experience with vendor / third-party risk assessments.
- Strong stakeholder management skills and ability to influence across technical and non-technical teams.
Skills & Competencies:
- Deep understanding of ISO (27001, 27701 or relevant) and SOC 2 frameworks, trust service criteria, control requirements, etc.
- Excellent analytical skills: ability to identify gaps and risks, and propose effective remediation.
- Strong documentation skills: policies, procedures, evidence, audit artifacts.
- Excellent communication (verbal & written): ability to present to executives, technical teams, and auditors.
- Project management skills: ability to juggle multiple assurance initiatives, set timelines, and drive closure.
- High ownership, integrity, attention to detail, and ability to work independently or as part of cross-functional teams.
Skills
IT Security, IT Compliance, Information Security, IT Risk Management, IT Audit, IT Governance, DevOps, Cloud
Important dates & deadlines?
Application Deadline
30 Nov 25, 03:31 PM IST

