Source Job

Canada Unlimited PTO

  • Manage multi-jurisdictional compliance execution including HIPAA, GDPR, PIPEDA, and emerging privacy laws.
  • Lead IT operations and service delivery including user onboarding, device management, and identity & access management.
  • Drive vendor risk management and BAA/DPA lifecycle, ensuring breach notification timelines and data deletion commitments.

HIPAA GDPR SOC 2 ISO 27001 IT Operations

20 jobs similar to Senior Manager, Infosec, IT & Compliance

Jobs ranked by similarity.

Canada Unlimited PTO

  • Lead and evolve information security, IT operations, and compliance programs to protect sensitive data and support growth.
  • Manage compliance initiatives across HIPAA, GDPR, PIPEDA, and other regulatory frameworks.
  • Drive security maturity, including SOC 2 and ISO 27001 readiness, and vendor risk management.

Partner company is a healthcare technology organization focused on improving healthcare outcomes. The company is remote-first and growing, with a mission-driven culture.

IT Manager

Vynca
US

  • Lead a distributed IT team and manage day-to-day IT operations, including hardware lifecycle, endpoint provisioning, and user support for a fully remote workforce.
  • Ensure compliance with HIPAA, SOC 2, and security policies by implementing access controls, endpoint security, and identity management.
  • Partner with Engineering, Security, Compliance, and HR to support organizational growth, security initiatives, and improve operational efficiency.

Vynca is a healthcare technology and services company focused on palliative care, advance care planning, and enhanced care management. It is a small, close-knit community guided by core values of excellence, compassion, curiosity, and integrity.

Canada Europe Unlimited PTO

  • Support active and upcoming audits including ISO 27001, SOC 2, PCI DSS, and HIPAA by coordinating evidence and working with control owners.
  • Conduct risk assessments, update risk registers, track remediation, and perform third-party risk management reviews.
  • Respond to customer and prospect security/compliance questions and improve repeatable processes and evidence quality.

Upsun is the cloud application platform for hybrid teams, enabling developers to build, ship, and scale confidently without managing backend infrastructure. The company has a remote, global workforce and fosters a multicultural, open, and inclusive culture with a focus on open source and innovation.

$232,320–$303,600/yr
US Unlimited PTO

  • Manage Omada’s HIPAA privacy program, including policy development, incident investigations, and breach response.
  • Drive privacy-by-design across digital products, embedding privacy into development and clinical operations.
  • Provide expert guidance on consumer privacy compliance, AI governance, and interoperability frameworks.

Omada Health is reverse engineering the way healthcare is delivered in America, putting the space between doctor visits at the center of care. They have served more than two million members since launch across 2,000+ employers, health plans, and health systems, and have been certified as a Great Place to Work.

$200,000–$250,000/yr
US Unlimited PTO 24w maternity 24w paternity

  • Lead corporate IT and enterprise security operations, including system architecture and budget management.
  • Partner with DevOps to ensure security requirements extend to the product platform.
  • Manage external SOC providers and MDR platforms across the corporate fleet.

VIA is a digital infrastructure company that provides mission-critical organizations with speed and security, specializing in agentic AI, zero-trust identity, quantum-resistant data, and offline stablecoin payments. The company is fast-paced and technology-focused, with a flat, non-traditional hierarchy emphasizing continuous coaching and cross-functional collaboration.

Europe 5w PTO

  • Own and drive the compliance roadmap across multiple frameworks like ISO 27001, TISAX, SOC 2, and GDPR.
  • Implement ISO 27001 and adjacent frameworks end-to-end for customers, ensuring successful audits.
  • Mentor the compliance team, conduct internal audits, and act as the senior compliance voice for customers, auditors, and product.

Secfix automates security compliance for companies, helping them achieve ISO 27001, GDPR, TISAX, and SOC 2 quickly. They are a high-performing 100% remote team with hubs in Germany and the UK, backed by top VCs.

US

  • Serve as an IS&T Program Expert and Accreditor, evaluating security and technology systems across the federation and conducting PCI DSS compliance activities.
  • Conduct risk assessments and technical analyses to identify non-compliance with NIST CSF and HIPAA Security, and manage corrective actions.
  • Communicate professionally with technical and non-technical stakeholders to ensure timely project management and education on compliance requirements.

Planned Parenthood is the nation's leading provider and advocate of high-quality, affordable sexual and reproductive health care, and the largest provider of sex education. PPFA is a 501(c)(3) supporting independently incorporated affiliates that operate non-profit health centers across the U.S., with a culture of fostering belonging and learning.

$51,840–$64,800/yr
Europe

  • Support the ISO 27001 program by maintaining audit readiness, running evidence collection, and managing access reviews.
  • Perform recurring security operations including vulnerability scanning, risk assessments, and vendor reviews.
  • Collaborate cross-functionally to harden identity and access management, respond to security questionnaires, and support AI governance initiatives.

Didomi is a consent management platform that helps companies manage user consent and data privacy. The company is a growing SaaS organization with a collaborative culture, emphasizing automation and efficiency.

US APAC EU LATAM

  • Own day-to-day IT operations and end user services across a globally distributed workforce, delivering exceptional support and managing hardware lifecycle.
  • Administer identity platforms including Google Workspace, AWS IAM, and SSO, implementing least-privilege access models and performing periodic access reviews.
  • Partner with Security, Compliance, and Legal to maintain secure operations aligned with SOC 2, ISO 27001, and PCI DSS, while building scalable processes from the ground up.

Hamsa is building the operating system for global finance through an AI-enabled Unified Ledger that connects the world's largest financial institutions. With $400B on platform in 2025 and backing from top-tier investors, our global team operates across the US, APAC, EU, and LATAM, scaling rapidly to reshape the financial system.

$198,238–$233,221/yr
US

  • Own and manage the compliance program including SOC 2 and ISO 27001 readiness and audits.
  • Lead risk assessments, control testing, and enterprise risk management processes.
  • Partner with Engineering, Security, Product, Legal, HR, and Operations to embed compliance into business processes.

Calendly is a scheduling platform used by millions to automate meetings and streamline time management. They are a rapidly growing SaaS company fostering a culture of learning and high performance.

$150,000–$170,000/yr
US Unlimited PTO

  • Lead the governance, risk, and compliance function across security policies, standards, risk management, audits, and third-party risk.
  • Own audit readiness and ongoing compliance programs across frameworks such as SOC 2, ISO 27001, GovRAMP, PCI DSS, HIPAA, NIST CSF, and more.
  • Manage third-party and supply chain risk management, including vendor security reviews, due diligence, and remediation tracking.

Accela provides government software solutions to improve efficiency, increase citizen engagement, and enable thriving communities. They have been an industry leader for nearly 20 years and are committed to diversity, equity, and inclusion.

United States Unlimited PTO

  • Partner with the CISO to drive security strategy, roadmap, and execution across application security, GRC, and operations.
  • Support compliance initiatives including PCI, SOC 2, ISO 27001, DORA, and FedRAMP readiness.
  • Serve as a trusted security leader in customer-facing settings, translating technical risks into business language.

Sardine is the leading agentic risk platform for fighting financial crime, integrating data across risk teams to stop fraud and automate AML operations. With over 6 billion profiled devices and 800 million consumers, we maintain a remote-first culture that values performance over hours worked.

$147,800–$164,000/yr
Global 18w maternity 16w paternity

  • Serve as a primary compliance resource embedded in the Alma-to-Spring Health integration, mapping control environments and building a unified compliance organization.
  • Own and lead enterprise-level compliance programs including SOC 2 Type II, HITRUST, HIPAA, GDPR, ISO 27001, ISO 42001, and ITGC-SOX.
  • Develop and operationalize Spring Health's AI governance program, including policies, risk frameworks, and AI-specific compliance documentation.

Spring Health is a global mental health company on a mission to eliminate every barrier to mental health. With outcomes independently validated by JAMA Network Open, Spring Health reaches more than 170 million people worldwide through leading employers, health plans, and partners.

US

  • Develop and maintain the enterprise IT GRC strategy, framework, and roadmap, presenting updates to executive leadership.
  • Lead enterprise IT risk assessments, maintain risk registers, and oversee remediation efforts.
  • Ensure compliance with regulations like NIST, ISO 27001, SOC, PCI-DSS, HIPAA, GDPR, and SOX.

Mission Critical Group is an end-to-end power solutions and services provider that accelerates time-to-power for mission critical environments. With over 1.5 million square feet of U.S. manufacturing capacity, the company supports data centers, healthcare, and industrial facilities where uptime is non-negotiable.

$190,000–$210,000/yr
Global

  • Own Filevine's FedRAMP 20x strategy and execution, including evidence automation, continuous monitoring, and certification readiness.
  • Drive the security compliance and trust program across FedRAMP, SOC 2, ISO, HIPAA, and PCI-DSS, converting obligations into engineering work.
  • Lead cross-functional alignment and executive reporting to ensure compliance, privacy, and security priorities are shipped on time.

Filevine is a Legal AI company delivering Legal Operating Intelligence for the future of legal work. Fueled by a team of exceptional collaborators and innovators, Filevine’s rapid growth has earned AI awards and recognition from Deloitte and Inc. as one of the most innovative and fastest-growing technology companies in the country.

US Unlimited PTO

  • Manage export compliance operations including restricted party screening and sanctions checks to ensure adherence to U.S. EAR and OFAC regulations.
  • Support global privacy operations by maintaining data processing agreements, SCCs, and privacy documentation.
  • Coordinate compliance evidence for customer diligence, audits, and certifications like SOC 2 and ISO 27001.

Horizon3.ai is a fast-growing cybersecurity company that helps organizations proactively find and fix exploitable attack vectors with its NodeZero platform. It is a remote team of former special operations cyber operators and startup engineers committed to a culture of respect, collaboration, ownership, and results.

Global

  • Manage the Compliance and Security workstream within a telecom transformation program, coordinating SOC 2, ISO/IEC 27001, and GDPR readiness activities.
  • Build and maintain the workstream plan with milestones, deliverables, and RAID logs, while driving evidence collection and control-owner alignment.
  • Facilitate workshops, track remediation across multiple domains, and ensure alignment with adjacent program streams and governance forums.

Miratech helps visionaries change the world as a global IT services and consulting company supporting digital transformation for large enterprises. With nearly 1000 professionals operating across 25+ countries and a 99% project success rate, their culture emphasizes relentless performance and growth.

$112,700–$180,300/yr
US

  • Lead end-to-end third-party audits, evidence collection, and compliance onboarding for new products and features.
  • Partner with cross-functional teams to design and validate internal controls across SOX, SOC, HIPAA, and PCI frameworks.
  • Drive continuous improvement by standardizing processes, reducing manual effort, and collaborating on automated compliance monitoring.

Jobgether uses AI-powered matching to streamline job applications. They are a company focused on connecting candidates with hiring employers through automated shortlisting, with a transparent and flexible work culture.

US 5w PTO

  • Take ownership of building and scaling comprehensive security, privacy, and compliance programs that protect customer data.
  • Lead compliance initiatives such as SOC 2 Type 2 audits and evaluate additional frameworks like ISO 27001 and HIPAA.
  • Build scalable automated security processes by replacing manual tasks with scripts, APIs, and AI-powered solutions.

Our partner is a technology company focused on building secure, scalable systems. They operate with a remote, collaborative culture emphasizing ownership, transparency, and continuous improvement, with around 50–300 employees.

$132,000–$165,000/yr
US Unlimited PTO

  • Manage and support compliance certifications including SOC 2, HITRUST, and ISO 27001 audits across the audit lifecycle.
  • Serve as the subject matter expert across the company on compliance frameworks and primary point of contact for external auditors.
  • Maintain the risk register, drive risk identification and reporting, and scale GRC function with AI and automation.

Garner transforms the healthcare economy by partnering with employers to redesign healthcare benefits using data-driven insights. It is a fast-growing healthcare technology company with a mission-driven team focused on making healthcare more affordable and high-quality.