Security Risk & Compliance Manager managing security assessments and compliance activities at TrueContext. Leading risk management, customer inquiries, and vendor assessments in a hybrid work environment.
Responsibilities
Lead end-to-end completion of customer security questionnaires, RFIs, and due diligence requests, coordinating inputs from engineering, security, and leadership to ensure accurate and consistent responses
Maintain and continuously improve a reusable library of standard security answers, architecture descriptions, and supporting evidence mapped to SOC 2 and related frameworks
Own the third-party/vendor security lifecycle: intake, risk triage, detailed security assessments for higher-risk vendors, ongoing monitoring, and periodic reassessment
Review vendor SOC 2 reports and other attestations, identify issues or exceptions, document risk, and drive agreed mitigation actions with internal owners
Coordinate the company’s SOC 2 program activities, including control mapping, evidence collection, tracking remediation items, and preparing for audits
Partner with engineering teams to understand system design, data flows, and operational practices, translating technical details into clear security and compliance narratives
Provide security and compliance input on contracts and DPAs, working with Legal and Procurement on security clauses, data protection requirements, and vendor obligations
Define and track practical metrics (e.g., questionnaire volume/SLAs, vendor risk tiers, open remediation items) and report status and risks
Educate Sales, Customer Success, and other go-to-market teams on security positioning, SOC 2 scope, and standard responses
Requirements
2–5 years of experience in information security, risk management, compliance, or related roles, ideally in a SaaS or cloud-native environment
Direct experience with customer security questionnaires and vendor risk assessments, including reading SOC 2 reports and other security attestations
Solid understanding of SOC 2 principles and common security controls (access management, encryption, logging/monitoring, SDLC, incident response, business continuity)
Ability to interact confidently with senior engineers, translate between technical and non-technical audiences, and influence without direct authority
Strong written and verbal communication skills with an emphasis on clarity, consistency, and reusability of security and compliance messaging
Experience with GRC, vendor risk, or compliance platforms (e.g., SOC 2 automation tools, vendor risk management tools) is an asset
Benefits
Company-wide & team social events
Wellness yearly allowance
Annual learning allowance
Great time off benefits (4 weeks of vacation + 2 True2ME days + 1 TrueCrewCares day)
Summer FriYAYs (every other Friday off from Victoria Day until Labour Day)
Catered lunches 2x per week
An amazing office space with plenty of snacks, drinks, and space to collaborate
Hybrid work environment (3 days a week in the office)