Compliance Enablement Technical Program Manager

Own and operate the GRC platform (control mapping, evidence collection, continuous monitoring, and audit workflows), serving as the technical lead for all GRC SaaS integrations.

Integrate GRC tools with cloud platforms (AWS, Azure, GCP) and internal systems (e.g., Jira, BigQuery) using APIs and scripting.

Design and implement automated workflows for evidence collection, control monitoring, and remediation tracking.

Build and maintain dashboards to visualize compliance posture, key risk indicators, and program maturity for both technical and executive audiences.

Design, build, and operate AI agents that automate the compliance lifecycle across applicable frameworks (ISO 27001, SOC 2, FedRAMP, etc.).

Apply AI-assisted workflows to evidence validation, control evaluation, finding management, and audit preparation.

Identify process gaps and implement scalable governance improvements through automation and tooling.

Conduct gap analyses and support implementation of new compliance frameworks and associated controls.

Prepare compliance documentation, control evidence, and control owners for internal and external audits.

Monitor adherence to internal controls and external regulatory requirements (e.g., ISO 27001, NIST 800-53, SOC 2, GDPR, HIPAA, FedRAMP).

Translate regulatory requirements and domain expertise into technical control implementations and automated agent logic.

Contribute to policy authoring, change management, and manual controls enforcement as a high-bandwidth team member.

Partner cross-functionally with engineering, product, security, and legal teams to ensure controls are not only documented but operationalized.

Communicate compliance risk and control status to technical and non-technical stakeholders through clear reporting and executive-ready summaries.

Participate in security reviews and risk discussions related to cloud and data platform environments.

Work independently, leveraging existing documentation, standards, and prior artifacts to resolve issues before escalating.

Proficiency in Python or scripting language with experience in API integrations and data processing.

Experience building AI/ML-powered applications or agentic systems.

Experience with CI/CD pipelines and deploying production-grade services.

Prior experience leading a SOC 2 Type II, ISO 27001, FedRAMP, or NIST 800-53 audit end-to-end.

Experience with OSCAL (Open Security Controls Assessment Language) or other compliance automation tooling.

Experience in SaaS, GovCloud, FinTech, or other highly regulated technology environments.

Familiarity with cloud infrastructure automation and configuration tooling (e.g., Terraform, Puppet, Jenkins).

Professional certifications such as CISSP, CISM, CISA, CCSP, CCSK, or ISO 27001 Lead Auditor.