Senior Governance, Risk & Compliance Lead
OnePlan
full-time
Location Type: Remote
Location: California • United States
About the role
- Own and manage OnePlan’s governance, risk, and compliance program across security and privacy frameworks
- Maintain the company’s compliance certifications including SOC 2 Type II, ISO 27001, and ISO 27701, ensuring ongoing audit readiness and successful surveillance audits and recertifications
- Coordinate with external auditors and manage evidence collection, control validation, and supporting documentation
- Maintain and update security policies, procedures, and internal documentation supporting compliance frameworks
- Maintain the company risk register and drive risk identification, assessment, and remediation activities across the organization
- Partner closely with Engineering and IT teams to implement and document security controls across the platform
- Lead OnePlan’s FedRAMP Moderate readiness initiative, including NIST 800-53 gap assessments and remediation planning
- Develop and maintain the System Security Plan (SSP) and associated FedRAMP documentation
- Prepare the organization for 3PAO assessment and establish processes for ongoing continuous monitoring
- Manage vendor risk assessments and third-party security reviews
- Support enterprise and public sector security questionnaires, compliance reviews, and due diligence requests
- Ensure privacy and data protection practices align with GDPR and global privacy frameworks
- Support the ongoing operation of OnePlan’s ISO 27701 privacy program
Requirements
- 6+ years of experience in governance, risk and compliance, information security, or security compliance roles
- Direct experience managing SOC 2 Type II and ISO 27001 audits and maintaining ongoing compliance programs
- Strong understanding of NIST 800-53 and FedRAMP security requirements
- Experience using compliance automation platforms such as Vanta or similar tools
- Experience working in a cloud-native SaaS environment, ideally within Azure
- Strong documentation, audit management, and cross-functional coordination skills
- Ability to translate security and compliance requirements into practical operational processes
- Experience leading or supporting FedRAMP readiness or authorization programs
- Professional certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or CIPP
- Experience supporting enterprise security reviews and government compliance requirements
- Experience working in high-growth SaaS or enterprise software companies
Benefits
- We’re a remote-first company with team members across the USA, Canada, UK, and India!
- OnePlan has been recognized as the Global Microsoft Partner of the Year in Project Portfolio Management in 2019, 2020, 2021, 2022 and 2023.
- We’ve been named a "Strong Performer" in the latest Forrester Strategic Portfolio Management WAVE report.
- We offer comprehensive health, dental, and vision benefits, with additional insurance options.
- Employer RRSP and 401K matching programs.
- A fun, collaborative, and diverse environment with regular health and team challenges to keep things light and enjoyable!
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
governance, risk management, compliance, information security, SOC 2 Type II, ISO 27001, NIST 800-53, FedRAMP, GDPR, cloud-native SaaS
Soft Skills
documentation, audit management, cross-functional coordination, operational process translation
Certifications
CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer, ISO 27001 Auditor, CIPP