Red Cell Partners
Senior Security Assurance Manager
NEWš° USD 170,000 - 230,000/yr
Job Description
[AI-summarized by JobStash]
You will own the strategic governance backbone of the Security and Compliance program, implementing and overseeing the processes, policies, and controls that let the business operate safely and credibly in highly-regulated markets. You'll define and steward security policies and procedures, lead internal and external audits, and conduct comprehensive risk assessments across the organization. You'll be the primary owner of the SOC 2 and HIPAA programs and champion the broader GRC functions including risk management, policy documentation, control design, and continuous monitoring. This is a player-coach role where you'll operate hands-on across contexts and stakeholder groups while building the team, processes, and tooling needed to scale governance capabilities alongside the business.
Requirements
- ā10+ years of progressive experience in security assurance, GRC, controls engineering, or information security audit roles, including several years in a senior or program-owning capacity
- āDeep, hands-on experience owning or supporting SOC 2 and HIPAA programs end-to-end, including managing external auditors or internal assessors
- āStrong working knowledge of additional frameworks including ISO 27001, FedRAMP (Moderate/High), NIST 800-53, NIST CSF, and CMMC
- āDemonstrated experience designing and operating continuous control monitoring programs
- āProven ability to author clear, defensible security policies, standards, procedures, and memoranda
- āStrong risk management foundation, including hands-on experience conducting risk assessments and maintaining a risk register
- āExperience leading customer-facing security reviews, RFP responses, and trust conversations with sophisticated enterprise buyers or partners
- āTrack record of partnering effectively with engineering and product teams to design controls into systems
- āExcellent written and verbal communication skills, with the ability to translate between auditors, executives, customers, and engineers
- āStrong affinity and practical skill for working with LLMs and AI agents as part of your own workflow
Responsibilities
- āOwn and operate SOC 2 and HIPAA programs end-to-end, including scoping, control design, evidence collection, and remediation tracking
- āLead readiness and execution for additional frameworks including ISO 27001, FedRAMP, NIST 800-53, CMMC, and ISO 42001
- āManage the full lifecycle of internal and external audits, serving as the primary point of contact for auditors, assessors, and regulators
- āMaintain the enterprise risk register and conduct recurring risk assessments across people, process, and technology
- āDesign, document, and operationalize security policies, standards, and procedures aligned to industry frameworks
- āOwn the common control framework in Drata, monitoring and refining controls across overlapping regimes to minimize duplication and audit burden
- āImplement continuous control monitoring, automated evidence collection, and recurring control testing
- āDefine KRIs, KPIs, and reporting cadences that give leadership real-time visibility into program health
- āIdentify control gaps, perform root cause analysis, and drive remediation with control owners
- āEnhance and operate the third-party risk management program, including vendor security reviews and ongoing monitoring
- āPartner with Legal to ensure DPAs, BAAs, and security addenda meet regulatory and customer requirements
- āServe as a senior representative in customer security reviews, RFPs, and prospect-facing trust conversations
- āMaintain trust collateral such as SOC 2 reports, security questionnaires, and trust portal content
- āTranslate customer and regulator expectations into actionable program requirements
- āPartner with Engineering and other teams to ensure controls are operating effectively as designed
- āCollaborate with Legal, HR, IT, and Finance on shared control ownership and program execution
Benefits & Perks
- ā100% employer paid, comprehensive health care including medical, dental, and vision for you and your family
- āPaid maternity and paternity leave for 14 weeks at employees' normal pay
- āUnlimited PTO, with management approval
- āOptional 401K, FSA, and equity incentives available
- āMental health benefits available through Tara Mind
- āCost effective GLP-1 solutions available through Crux