Principal Security and Compliance Manager

US - Remote


About the Role

SearchStax is seeking a proactive and experienced Principal Security and Compliance Manager to own and drive our security and compliance initiatives. Reporting to the COO, this role is critical to ensuring that SearchStax continues to maintain a strong security posture, achieves and sustains compliance certifications (e.g., SOC 2, ISO 27001), and adheres to relevant regulatory frameworks such as GDPR, HIPAA, and FedRAMP. As part of a fast-growing SaaS startup, you will play a key role in scaling security and compliance programs to meet evolving business and customer needs.

If this sounds like you, let’s talk! 

What You Will Do

Compliance Program Management:

  • Lead and manage compliance certifications such as SOC 2, ISO 27001, and others required by customers and regulators.

  • Develop, implement, and enhance policies, procedures, and controls to align with compliance standards.

  • Oversee external audits and act as the primary point of contact for auditors and assessors.

  • Assemble and execute against a longer-term compliance plan, which will evolve and transform as the Company scales.  

Security Oversight:

  • Develop and maintain an effective information security program to protect company and customer data.

  • Collaborate with Engineering and IT teams to ensure security best practices are implemented in product development, infrastructure, and operations.

  • Monitor security risks and vulnerabilities, and drive remediation efforts.

Risk and Governance:

  • Conduct regular risk assessments to identify, evaluate, and mitigate risks.

  • Establish and maintain a governance, risk, and compliance (GRC) framework to track compliance and security activities.

  • Stay updated on regulatory changes and adjust programs to meet new requirements (e.g., GDPR, CCPA, HIPAA, FedRAMP).

Documentation and Reporting:

  • Maintain detailed records of security and compliance frameworks, policies, and audit evidence.

  • Provide regular updates to the COO and executive team on the state of security and compliance initiatives.

  • Prepare responses to customer security and compliance questionnaires.

  • Maintain and update SearchStax policies in alignment with the leadership team to meet compliance requirements.

Cross-Functional Collaboration:

  • Work closely with Sales, Customer Success, and Legal teams to address customer compliance inquiries and ensure alignment with contractual obligations.

  • Partner with Product and Engineering teams to ensure security and compliance are built into product design and development.

Training and Awareness:

  • Develop and deliver security and compliance training programs to employees.

  • Foster a culture of security awareness and accountability across the organization.

What You Must Have

  • Bachelor’s degree in Information Security, Business Administration, or a related field.

  • 4–6+ years of experience in security, compliance, or risk management, preferably in a SaaS or technology environment.

  • Hands-on experience with SOC 2, ISO 27001, and related compliance frameworks.

  • Strong understanding of security best practices and frameworks (e.g., NIST, CIS Controls).

  • Knowledge of GDPR, CCPA, HIPAA, and/or FedRAMP.

  • Excellent organizational and project management skills with the ability to prioritize in a fast-paced environment.

  • Strong analytical, problem-solving, and communication skills.

  • Security or compliance certifications such as CISA, CISM, CISSP, or CIPT preferred.

  • Experience working in a growth-stage SaaS startup preferred.

  • Familiarity with cloud platforms like AWS, Azure, or Google Cloud preferred.

  • Experience with GRC tools and processes preferred.

What's In It For You

  • 🌍 Remote-First: We're a diverse team spanning the United States and India, with collaborative workspaces in Los Angeles, CA and Boston, MA.

  • 💰 Competitive Compensation & Stock Options: We want you to share in our success. As a team member, you'll have the chance to become a shareholder.

  • 🌱 401k Match: We offer a 4% match on 401k contributions to help you save for the future.

  • 💉 Healthcare Benefits: Your health matters! We've got you covered with comprehensive medical, dental, and vision plans. Best of all, we foot the bill for 100% of employee-only premiums.

  • 🌴 Paid Time Off: We value work-life balance. We offer flexible vacation time and paid holidays.

  • 🚀 Exciting Growth Opportunities: We are building cutting-edge open source and cloud technology. There is no shortage of opportunities to innovate and grow your career.

Pay Transparency

  • Base Salary: The base salary range for this role is $145,000-$165,000.

  • Salary Structure: Our salary ranges are determined by market analysis and are designed to evolve with job performance over time.

  • Additional Benefits: Beyond base salaries, SearchStax employees enjoy a comprehensive benefits package, with potential for equity and performance-based bonuses.

We work hard to present an equitable and fair offer. We look at the candidate’s knowledge, skills, and experience, along with their compensation expectations and align that with our company equity processes to determine our offer ranges.

Additional Information

We believe in supporting people to do their best work and thrive, and building a diverse, equitable, and inclusive company is core to our mission. Our goal is to ensure that SearchStax upholds an inclusive environment where all people feel that they are equally respected and valued, whether they are applying for an open position or working at the company.

SearchStax is an equal opportunity employer. We do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, marital status, age, disability, national or ethnic origin, military service status, citizenship, or other protected characteristic.

E-Verify process is completed in conjunction with the Form I-9 Employment Eligibility Verification on or before the first day of work. E-Verify is not used as a tool to pre-screen candidates. For up-to-date information on E-Verify, go to https://www.e-verify.gov/.
