Slingshot Aerospace

Infosec Manager, GRC

full-time

Posted on:

Location Type: Remote

Location: Remote • Arizona, California, Colorado, District of Columbia, Florida, Hawaii, Illinois, Kansas, Maryland, Massachusetts, Minnesota, Missouri, Montana, Nevada, New Jersey, New Mexico, New York, North Carolina, Oregon, Rhode Island, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin • 🇺🇸 United States


Job Level

Senior, Lead

Tech Stack

Ansible, AWS, Azure, Cloud, Go, Python, Splunk, Terraform, TypeScript

About the role

  • Lead the company’s information security and compliance strategy in partnership with senior IT and Infosec leadership.
  • Guide and mentor IT, Infosec, and GRC staff and contractors while remaining directly engaged in technical work.
  • Define long-term roadmaps for security, compliance, and infrastructure that align with business goals and technology growth.
  • Build out and mature IT and Infosec capabilities for USA, U.K. and international operations, aligning technical controls and compliance with regional requirements.
  • Deliver regular metrics and program status to executive leadership and customers to demonstrate compliance, risk posture, and control maturity.
  • Manage compliance operations including SSPs, POA&Ms, control testing, risk assessments, and audits for CMMC 2.0 and NIST 800-171.
  • Develop and maintain documentation, evidence, and controls to support new or evolving frameworks such as ISO 27001, Cyber Essentials Plus, GDPR, and other standards as required by customers or regulators.
  • Maintain evidence and documentation in platforms such as Vanta and Paramify, ensuring continuous audit readiness.
  • Support Sales, Growth, and Legal teams with security questionnaires, RFIs, and RFPs, providing timely and accurate assurance documentation.
  • Maintain federal and customer compliance portals (SPRS, eMASS) with current and complete records.
  • Oversee third-party and vendor risk management, ensuring supply chain partners meet security and compliance standards.
  • Partner with IT and Engineering to architect secure cloud, SaaS, and on-premises systems across AWS and Azure.
  • Implement network and infrastructure security in collaboration with DevSecOps, IT, and Engineering teams, ensuring consistent security standards across environments.
  • Coordinate with Development, Data, and Operations groups to embed secure design, testing, and deployment practices throughout the software lifecycle.
  • Implement network segmentation and zero-trust access models; coordinate VPN, firewall, and remote access controls.
  • Operate and enhance endpoint, identity, and network defenses using CrowdStrike, Zscaler, Okta, Microsoft Entra ID, Wiz, and Tenable.
  • Run SIEM/SOAR or equivalent log analytics and automation (e.g., Splunk) to improve detection and response.
  • Lead incident response from detection through recovery, maintaining detailed playbooks and conducting tabletop exercises.
  • Oversee and manage the company’s security awareness and user training programs using platforms such as KnowBe4 or similar tools, ensuring all employees remain informed, compliant, and vigilant against evolving threats.
  • Develop internal automation and tooling using Python, Go, or PowerShell for compliance evidence, monitoring, and reporting.
  • Apply Infrastructure-as-Code and Policy-as-Code principles using Terraform, Ansible, or CloudFormation to enforce security baselines.
  • Collaborate with software and product engineering teams to embed security into CI/CD pipelines, APIs, and customer-facing services.
  • Provide expertise in Okta CIAM/CIS and Auth0 for secure customer identity and access flows.
  • Own data-protection controls including encryption, key management, DLP, and data classification aligned to regional compliance.
  • Lead business-continuity (BCP) and disaster-recovery (DR) testing; document findings and corrective actions.
  • Strengthen backup and recovery programs for multi-cloud and hybrid environments.
  • Support secure adoption of emerging technologies such as AI, automation, and advanced analytics within governance frameworks.
  • Extend and strengthen Slingshot’s IT, Infosec, and compliance programs across U.K., E.U., and other international operations, maintaining data sovereignty and regulatory alignment.

Requirements

  • CISSP certification required.
  • CMMC Certified Professional (CCP) preferred, or ability to obtain certification.
  • 8+ years of progressive experience across IT, information security, networking, and GRC.
  • Familiarity with CMMC 2.0 and NIST 800-171, with understanding of ISO 27001, Cyber Essentials Plus, GDPR, and the ability to support other frameworks as needed.
  • Proven ability to lead IT and Infosec programs while remaining hands-on with engineering, automation, and incident response.
  • Strong coding and scripting skills in Python, Go, or PowerShell, with experience building internal tools or integrations.
  • Expertise in IAM, endpoint protection, cloud security, data protection, and zero-trust architecture.
  • Experience with tools such as CrowdStrike, Zscaler, Wiz, Tenable, Vanta, Paramify, Okta, and Microsoft Entra ID.
  • Excellent written and verbal communication skills with the ability to work across technical, operational, and executive teams.
  • U.S. citizenship and TS/SCI eligibility required.
  • International experience and multi-region program management are highly valued.

Benefits

  • Equity, Diversity & Inclusion are key to our success.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills: information security, compliance strategy, risk assessments, incident response, coding, scripting, Infrastructure-as-Code, Policy-as-Code, data protection, zero-trust architecture

Soft skills: leadership, mentoring, communication, collaboration, program management, documentation, training, problem-solving, analytical thinking, adaptability

Certifications: CISSP, CMMC Certified Professional (CCP)