Port.io
Security Compliance & Assurance Manager
– Port.io
Port is pioneering a next‑generation Developer Experience platform that unifies everything developers need in one interface. We’re looking for a hands‑on technical writer and audit readiness expert to lead our security and compliance documentation as we pursue FedRAMP authorization and maintain industry‑standard frameworks (SOC 2, ISO 27001, GDPR).
Why we need you
As a manager, you will own the creation, maintenance, and audit‑readiness of all compliance documentation. You’ll translate complex technical controls into clear policies, manage evidence repositories, and support continuous monitoring and compliance toolchains.
Who you’ll work with
You’ll report to the CIO and work closely with the GRC Manager and FedRAMP Program Manager as part of the Security & Risk team. Cross‑functional collaboration with Engineering, DevOps, IT, Product, Legal, HR, and external auditors (3PAOs, SOC 2 auditors) is essential.
What you’ll do
Write, maintain, and update the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and all FedRAMP compliance documentation.
Develop and maintain security policies and procedures covering access control, incident response, data classification, encryption, and acceptable use.
Lead evidence collection and audit readiness for FedRAMP, SOC 2, ISO 27001, and GDPR.
Document technical control implementations with Engineering, IT, and the GRC Manager and translate controls into clear policy language.
Support continuous monitoring, control testing, and remediation tracking.
Manage customer security questionnaires, RFPs, and Trust Center content to support sales and assurance efforts.
Maintain compliance tooling and dashboards (e.g., Drata, Tugboat Logic) for real‑time control status visibility.
Coordinate internal and external audits with evidence packages and 3PAOs.
Build and maintain the compliance evidence repository and artifact management system.
Grow into a core GRC & Assurance leader supporting enterprise certifications and customer trust programs.
Requirements
5+ years in security compliance, audit, or assurance within SaaS or cloud environments.
Deep expertise in FedRAMP, SOC 2, ISO 27001 control frameworks.
Excellent technical writing – ability to translate technical controls into clear policies.
Experience building and maintaining compliance evidence repositories and control testing programs.
Strong technical knowledge of encryption, access management, logging, monitoring, and network security.
Hands‑on audit support with external assessors (3PAOs, SOC 2, ISO auditors).
Organizational skills and attention to detail – managing multiple compliance workstreams.
Collaborative communication style – effective with technical and non‑technical stakeholders.
Nice to have
Direct FedRAMP authorization experience (SSP, POA&M, continuous monitoring).
Customer‑facing security programs (Trust Center, security questionnaires, vendor assessments).
Experience with GRC automation platforms (Drata, Tugboat Logic, Vanta, OneTrust, Secureframe).
Background in technical security controls, risk management, or security engineering.
Certifications: CISSP, CISA, CISM, or equivalent.
Knowledge of GDPR, CCPA, or other privacy frameworks.
Experience in high‑growth SaaS or cloud infrastructure companies.
Technical ability to read/understand code and infrastructure configurations.
Seniority level: Mid‑Senior level
Employment type: Full‑time
Job function: Accounting/Auditing and Finance
Industries: Technology, Information and Internet