Job Title: Security Assurance & Compliance Manager
Department: Product
Reports To: SVP of Product
Location: Remote
Employment Type: Full-Time, Exempt
Position Summary
SecureLogix Corporation is seeking an experienced Product Security Assurance & Compliance Manager to own and drive the company's Product Security Assurance & Compliance (PSAC) Program. Organizationally embedded within Product and reporting to the SVP of Product, this role directly supports revenue growth, security posture improvement, and organizational resilience. While the primary workflow of this role is driven by the sales cycle and customer-facing security requirements, the PSAC Manager operates with cross-functional accountability to Engineering, IT, Legal, and executive leadership — and maintains independence in the accuracy and integrity of all security assessments and responses, regardless of deal context.
This is a compliance, documentation, and program management role, not a hands-on IT operations position. However, it demands deep product fluency. The PSAC Manager is expected to develop a thorough, systems-level understanding of SecureLogix products and platform architecture, including how they handle data, authenticate users, integrate with customer environments, and expose potential security considerations. This knowledge is not optional: it is the foundation for credible security assessment responses, meaningful gap analysis, and effective product-level risk identification.
SecureLogix is a security company. Our security program must reflect that, both in how we protect our environment and in how confidently we represent our posture to customers. The PSAC Manager is the program owner responsible for making that a reality.
Essential Duties and Responsibilities
1. Security Documentation Audit & Consolidation
The PSAC Manager will begin by conducting a comprehensive audit of all existing security-related documentation across the enterprise, spanning SLC Corporate, Development, and Operations. A key finding from a recent customer assessment identified fragmented and duplicated documentation as an organizational risk. Addressing this is a Day 1 priority.
- Inventory all existing security policies, procedures, standards, and evidence artifacts across the organization.
- Identify duplicate, conflicting, or outdated documentation and consolidate into a single, authoritative source of truth.
- Establish a version-controlled, centralized documentation repository accessible to authorized personnel.
- Define and enforce documentation governance standards to prevent re-fragmentation over time.
2. Gap Analysis & Security Posture Improvement
Using enterprise customer security questionnaires as a diagnostic baseline, the PSAC Manager will systematically identify and prioritize gaps in SecureLogix's security controls, policies, and documentation.
- Conduct a structured gap analysis mapped to relevant frameworks (NIST CSF, ISO 27001, CIS Controls, etc.) and customer requirements.
- Maintain a prioritized remediation roadmap with clear ownership, timelines, and measurable outcomes.
- Track remediation progress and provide regular status reporting to executive leadership.
- Use recurring questionnaire themes to proactively identify systemic gaps before they surface in customer engagements.
3. Customer Security Assessment & Questionnaire Management
The PSAC Manager is the primary owner for all inbound security assessments, questionnaires, and due diligence requests across new sales opportunities and existing customer relationships.
- Manage the full lifecycle of all inbound questionnaires (SPSRD, SIG, CAIQ, HECVAT, custom).
- Build and maintain a centralized repository of pre-approved responses and supporting evidence artifacts to enable rapid, consistent turnaround.
- Collaborate with Engineering, IT, Legal, and executive leadership to gather accurate technical and policy information.
- Track all assessment timelines and ensure on-time delivery to support active sales cycles.
- Leverage assessment responses to inform gap analysis and product-level risk identification (see Product Risk section below).
4. Internal Security Q&A Automation
Security questions originate from across SecureLogix — not just inbound customer questionnaires. Account teams, Operations staff, Finance, and executive leadership regularly field security-related inquiries in the course of normal business. The PSAC Manager will design and implement an automated internal solution to address this.
- Design and deploy an internal, self-service security Q&A tool enabling any authorized SecureLogix employee to quickly retrieve accurate, pre-approved answers to common security questions.
- Establish an escalation workflow: questions that do not return a sufficient answer are automatically flagged and routed to the PSAC Manager for resolution and knowledgebase enrichment.
- Ensure the knowledgebase underlying the tool is continuously updated as policies, controls, and product capabilities evolve.
- Reduce ad hoc security consultations across Sales, Ops, Finance, and leadership by providing a reliable self-service first line of response.
5. Product-Level Security Fluency & Risk Identification
This is a distinguishing requirement of the role. The PSAC Manager must develop and maintain a deep, systems-level understanding of SecureLogix products — not as a developer, but as a security-focused analyst who can read architecture documentation, understand data flows, evaluate integration patterns, and engage credibly with Engineering on security-relevant questions.
- Invest time to achieve a thorough understanding of SecureLogix product architecture, data handling, authentication mechanisms, and customer-facing integrations.
- Maintain fluency sufficient to accurately map product behavior to security controls and framework requirements when responding to customer assessments.
- Identify product-level security risks or deficiencies surfaced through customer questionnaires, assessments, or gap analysis.
- Submit product security improvement ideas through the formal Product Management process for prioritization and review — serving as an informed contributor to the product security roadmap.
- Collaborate with Product Management and Engineering to ensure new features and enhancements are evaluated against documented security policies prior to release.
- Sign off on feature releases to ensure compliance with documented security policies and practices.
6. Security Certifications & Compliance Programs
- Lead planning, execution, and maintenance of security certifications including ISO 27001 and other frameworks as required.
- Manage certification project plans, timelines, and milestones from scoping through audit completion.
- Coordinate with external auditors, assessors, and consultants throughout the certification lifecycle.
- Identify and remediate control gaps in collaboration with IT and Engineering to achieve and maintain certification readiness.
7. Security Policy & Documentation Development
- Develop, maintain, and continuously improve security policies, standards, and procedures aligned to NIST CSF, CIS Controls, ISO 27001, and customer requirements.
- Maintain a controls matrix mapping organizational controls to multiple frameworks and customer requirements.
- Manage the organization's risk register, including regular risk assessments and treatment plans.
- Develop and maintain an AI security policy addressing emerging AI/ML risks and usage.
- Ensure all security documentation is current, version-controlled, and audit-ready at all times.
8. Sales Enablement & Customer Trust
- Partner with Sales to address security concerns during the sales cycle, participating in customer calls and presentations as the security subject matter expert.
- Develop customer-facing security materials: whitepapers, trust center content, compliance summary sheets, and presentation-ready security briefings.
- Proactively identify certification or compliance milestones that will strengthen competitive positioning.
9. AI Security Awareness & Internal Coordination
- Maintain and deliver the employee AI security awareness training program, including onboarding and annual refresher training.
- Coordinate with IT to ensure technical controls align with documented policies and compliance requirements.
- Provide regular compliance status reports, certification progress, and risk briefings to executive leadership.
Required Qualifications
- Education: Bachelor's degree in Information Security, Cybersecurity, Business, or related field (or equivalent professional experience).
- Experience: 4+ years in information security compliance, GRC, or security audit/assessment roles.
- Questionnaire Management: Extensive hands-on experience responding to customer security assessments and third-party questionnaires.
- Framework Knowledge: Strong working knowledge of NIST CSF, CIS Controls, ISO 27001.
- Technical Fluency: Demonstrated ability to read and understand technical architecture documentation, data flow diagrams, and API/integration specifications sufficient to engage credibly with Engineering and accurately represent product behavior in security assessments.
- Technical Writing: Excellent skills producing clear, accurate, and professional security documentation for internal and customer-facing audiences.
- Project Management: Ability to manage multiple concurrent certification and assessment timelines with clear ownership and accountability.
- Communication: Comfortable presenting to customers, auditors, and executive leadership on security posture and compliance matters.
Preferred Qualifications
- Industry certifications: CISSP, CISM, CISA, CRISC, CCSK, or CompTIA Security+.
- Familiarity with Microsoft 365 security and compliance tooling (Purview, Defender, Entra ID).
- Experience working in or supporting a sales organization with security compliance responsibilities.
- Background in telecommunications, VoIP, or enterprise security products.
- Experience with GRC platforms (Vanta, Drata, OneTrust, or similar).
- Experience designing internal knowledge management or Q&A automation systems.
- Knowledge of AI security policy development and emerging AI/ML risk frameworks.
- Experience managing compliance in a small-to-midsize enterprise (50–150 employees) with limited resources.
Work Environment
- Remote — eligible states: AZ, CA, CO, CT, FL, GA, IL, IN, KS, MD, MA, MO, NC, NJ, NY, OH, PA, SC, TX, VA, TN, WI.
- Embedded within Product, reporting to the SVP of Product; operates cross-functionally with Engineering, IT, Sales Operations, Legal, and Finance.
- Maintains independence in security assessment accuracy and integrity; cross-functional accountability extends to executive leadership for escalation of significant security risks or gaps.
- Collaborative, technology-focused culture with a strong emphasis on security as a competitive differentiator.
- Occasional extended hours may be required to meet assessment, audit, or customer-facing deadlines.
Compensation & Benefits
SecureLogix offers a competitive salary commensurate with experience, along with a comprehensive benefits package including health insurance, retirement plan, paid time off, and professional development support — including financial support for security certification attainment.
EEO Statement
SecureLogix Corporation is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status. This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications. SecureLogix reserves the right to modify this description at any time.
To Apply
Send a resume to hr@securelogix.com or apply on LinkedIn.