Security and Compliance Manager
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Security and Compliance Manager overseeing compliance and assurance at Semaphore. Ensuring audit readiness and maintaining security processes within a remote-first software company.
Responsibilities:
- Own Semaphore's SOC 2 and ISO 27001 readiness, evidence collection, and audit coordination.
- Keep policies, controls, procedures, and supporting documentation current and practical.
- Track compliance gaps and coordinate follow-through with the right owners.
- Handle customer security questionnaires, compliance requests, and vendor assessments with clear, reusable materials.
- Maintain practical risk, vendor review, privacy, and DPA workflows so customer commitments and internal practices stay aligned.
- Partner with Engineering and Infrastructure on technical control validation, penetration testing, access reviews, and cloud/on-prem governance.
- Keep security and compliance processes lightweight, clear, and owned, including emerging governance needs around internal AI use.
Requirements:
- Based in Serbia, with 3+ years of experience in IT compliance, information security, risk management, privacy, audit, operations, or a related role with real ownership and accountability.
- Working knowledge of security, compliance, audit, or risk-management practices, with the ability to learn frameworks such as SOC 2 and ISO 27001 quickly.
- Experience owning or coordinating an important process end-to-end, such as audit evidence, policies, risk tracking, vendor reviews, customer questionnaires, access reviews, internal controls, or cross-functional operations.
- Strong written communication skills and the ability to make compliance topics clear to non-specialists.
- Good judgment: you can distinguish between real risk, audit formality, and unnecessary process.
- Ability to work independently in a remote company and keep many moving pieces organized.
- Nice to Have: Direct experience with SOC 2, ISO 27001, SaaS, cloud infrastructure, developer tools, or enterprise software.
- Familiarity with GDPR, DPAs, privacy operations, or customer assurance workflows.
- Experience working with Engineering or Infrastructure teams on security controls.
- Exposure to AI governance, third-party risk management, or security tooling, especially in companies adopting AI internally.
- Relevant certifications such as Security+, ISO 27001, CISA, CISSP, CIPM, CIPP/E, or similar.
Benefits:
- The impact of working on a product that's competing in a global market.
- Join a small team of around 30 full-time people who love what they do.
- A healthy 40-hour work week, a friendly and supportive work environment.
- Competitive salary.
- Company retreats.
- Space to learn continuously and choose the tools and equipment for your job.
- Paid trips to conferences and books of your choice.
- Interact with developers who use Semaphore and talk about the latest and greatest ways to develop and ship software.
- Paid membership at a fitness club of your choice.
Similar Jobs
Security Alignment Engineer
Security Alignment Engineer safeguarding clients' IT infrastructure at Onsite Logic. Conducting audits, providing technical support, and enhancing security posture for clients.
Network Security Engineer
Network Security Engineer focusing on architecture and engineering for network security with Zero Trust principles. Involves Zscaler environments, firewall management, and collaboration with architects and SOC teams.
Business Analyst Level 3, Security Coordinator
Business Analyst Level 3 - Security Coordinator for healthcare IT consulting firm. Responsible for overseeing security administration and user provisioning in a remote position.
Administrador de Sistemas Microsoft, Identidad, Seguridad
Administrador/a de Sistemas Microsoft especializado en seguridad e identidad para servicios remotos. Administración y soporte de entornos Microsoft en la nube, híbridos y locales.
T3 Operations & Support Specialist – Network & Security
T3 Operations & Support Specialist handling Network & Security for a cloud-native platform in Germany. Resolving complex incidents and ensuring operational readiness across multi-tenant environments.
Senior Security Engineer
Security Engineer responsible for gShield security services operation, incident response, and improving client security posture. Leading technical analysis and collaborating with InfoSec teams.
Security Technical Account Manager
Security Technical Account Manager dedicated to supporting Red Hat's customers for Project Lightwell. Expert in security, application development, and Red Hat Enterprise ecosystem.
Lead, Security Engineer V&CM
Lead Security Engineer focusing on Vulnerability and Configuration Management at U.S. FinTech. Conducting assessments, providing mentoring, and ensuring compliance within infrastructure.
IT Security Administrator
IT Security Administrator responsible for managing security and IT-related requests. Bitwarden empowers users worldwide with identity security solutions.
Senior Information Security Analyst I – IAM Cloud
Analyst in Security Information focusing on IAM cloud solutions for the fashion retail company Riachuelo. Supporting identity and access management in a multi-cloud environment.
Ethical Hacker – OT Security Consultant
OT Security Consultant at Packetlabs focusing on security for Operational Technology environments. Responsible for risk assessment, architecture review, and client advisory in high-stakes systems.
Senior Network Security Engineer
Senior Network Security Engineer supporting the company’s security network by ensuring systems are safe and running smoothly. Responding to issues and improving network performance.
Information Systems Security Officer
Information Systems Security Officer supporting the modernization of enterprise-class software applications. Collaborating with teams on IT security and compliance within the cloud environment.
Product Security Engineer
Product Security Engineer at Aras focusing on securing CI/CD pipelines and cloud platforms. Drive security-first culture, advance DevSecOps maturity, and collaborate with engineering teams.
Cybersecurity Teacher
Cybersecurity Teacher responsible for providing online education and support for students at Texas Virtual Academy in Texas. Delivering course content and ensuring student success in a virtual learning environment.
Security & Compliance Analyst
Senior Analyst ensuring the security and compliance posture of ERP applications for Cayuse. Providing consultative services and technical assistance within the CAPPS Program.
Information Security Officer – Maternity Leave Coverage
Information Security Officer at Vecima Networks responsible for ISMS maintenance and ISO compliance. Supporting governance activities, supplier security, and incident response during maternity leave coverage.
Senior Pre-Sales Security Architect
Senior Pre-Sales Security Architect serving as strategic advisor in cybersecurity for enterprise clients. Bridging cybersecurity strategy, solution architecture, and commercial execution across a broad partner ecosystem.
Email Security Architecture Manager
Manage Email Security Architects at Doppel, providing social engineering defense for clients. Establish operational excellence and guide customers in their security deployments.
Senior Cybersecurity Analyst – Blue Team, Vulnerability Management
Senior Cybersecurity Analyst at Dfense Security integrating into a client’s Blue Team. Responsible for vulnerability management and risk analysis in a dynamic environment.