Compliance Program Manager

Speed up time to market by unleashing developer productivity, automating security, and streamlining API management.

Kong

Employee count: 201-500

India only

Are you ready to power the World's connections?

If you don’t think you meet all of the criteria below but are still interested in the job, please apply. Nobody checks every box - we’re looking for candidates that are particularly strong in a few areas, and have some interest and capabilities in others.

Role Summary

This is a high-impact senior individual contributor role with program ownership responsibility, supporting customer trust, audits, and revenue enablement. The Compliance Program Manager is responsible for customer-facing security and compliance assurance for a designated Kong product, while also owning the PCI-DSS compliance program and certification lifecycle for that product.

This role acts as the primary Subject Matter Expert (SME) for customer assurance, audit readiness, and PCI-DSS controls, partnering closely with Engineering, SRE, Product, Legal, and Compliance teams. The role is critical to maintaining customer trust, supporting sales motions, and ensuring ongoing regulatory and industry compliance.

Key Responsibilities

  • Manage the end-to-end PCI DSS compliance program, ensuring adherence to the latest v4.0 standards.

  • Conduct regular internal assessments and readiness reviews for Reports on Compliance (ROC).

  • Serve as the Customer Assurance SME for one assigned Kong product (Dedicated Cloud Gateways).

  • Support all customer assurance requests for the assigned product, including security questionnaires, due diligence reviews, and compliance inquiries.

  • Attend customer calls as required to explain the product’s security posture, compliance controls, and audit status.

  • Ensure responses are accurate, consistent, and aligned with approved Kong messaging.

  • For customer assurance requests involving multiple Kong products, collaborate with other product SMEs to deliver coordinated, consistent, and high-quality responses.

  • Ensure alignment between product-specific responses and Kong’s broader security and compliance posture.

  • Cater to audit evidence requirements for the assigned product.

  • Partner with the Compliance Program Manager and internal stakeholders to ensure ongoing audit readiness for frameworks such as ISO 27001, SOC 2 Type II.

  • Validate that security and compliance controls are documented, implemented, and supported by appropriate evidence.

  • Drive the implementation of security and compliance best practices across the assigned product.

  • Foster strong cross-functional collaboration across Security, Engineering, SRE, Product, Legal, and Sales teams.

  • Promote secure-by-design and compliance-by-design principles in product development and operations.

  • Identify control gaps and drive remediation efforts with Engineering and Product teams.

  • Participate in cross-training initiatives with other Customer Assurance and Compliance SMEs.

PCI-DSS Program Ownership (Product-Specific)

  • Own end-to-end PCI-DSS compliance for the assigned Kong product, including:

    • Scope definition and validation

    • Control implementation and documentation

    • Evidence collection and maintenance

    • Annual PCI-DSS assessments and certification

  • Act as the primary point of contact for PCI-related matters, including:

    • Internal stakeholders

    • Qualified Security Assessors (QSAs)

    • Customer PCI inquiries

  • Ensure PCI controls are embedded into product architecture and operational processes.

  • Track PCI requirements, changes, and remediation activities to maintain continuous compliance.

Required Qualifications

  • 8+ years of experience in Customer Assurance, Security Compliance, GRC, or Trust roles

  • Demonstrated experience owning end-to-end PCI-DSS compliance programs

  • Experience supporting customer-facing security and compliance engagements

  • Prior experience working in SaaS, cloud, or infrastructure platforms

  • Strong hands-on knowledge of PCI-DSS

  • Experience managing audits, assessments, and evidence collection

  • Understanding of shared responsibility models and cloud security controls

  • Understanding of APIs, cloud-native architectures, or platform security is a strong plus

  • Excellent written and verbal communication skills

  • Ability to translate complex compliance requirements into customer- and engineer-friendly language

  • Comfortable engaging with enterprise customers, auditors and QSAs, and internal leadership and cross-functional teams

  • Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent practical experience

  • PCI Professional (PCIP), PCI Internal Security Assessor (ISA), CISSP, CISA, CRISC, or ISO 27001 certifications preferred but not mandatory

About Kong:

Kong Inc., a leading developer of cloud API technologies, is on a mission to enable companies around the world to become “API-first” and securely accelerate AI adoption. Kong helps organizations globally — from startups to Fortune 500 enterprises — unleash developer productivity, build securely, and accelerate time to market. For more information about Kong, please visit www.konghq.com or follow us on X @thekonginc.

About the job

Job type

Full Time

Experience level

Manager

Hiring timezones

India +/- 0 hours

About Kong

Kong powers the API world

Kong provides the foundation that enables any company to become an API-first company — speeding up time to market, creating new business opportunities, and delivering superior products and services.

Built on the world’s most adopted API gateway, Kong’s unified cloud API platform delivers fast, reliable, secure digital experiences. With Kong, organizations can increase developer productivity, security, and performance at scale with a single easy-to-use platform for API management, service mesh, and ingress controller.

We put customers at the heart of everything we do. That’s why everyone from e-commerce startups to the world’s leading biotech companies trust Kong to run mission-critical applications.

We embody open source and everything it stands for. We foster a culture of individualism — encouraging our people to bring new ideas and innovations, regardless of level and function.

How we do it

We’re passionate about solving the challenges that will fundamentally shape the future of tech. If you believe in taking ownership of your work, making an impact, and having fun along the way, come join us!

Global: Be Inclusive. We work together from anywhere to achieve our common goals. Our differences make us stronger.

Real: Be Authentic. We are genuine, principled and confident without arrogance. Show respect and kindness, especially in tough moments.

Unstoppable: Be Relentlessly Resourceful. We work with purpose, obsession and grit. It takes muscle to do hard things and doing hard things builds muscle.

Champions: Be Customer Obsessed. We care. Customers are everything; we put them at the center of everything we do. We are all empowered to make an impact.

Explorers: Be Curious. We value ideas over hierarchy. Never accept the status quo. We make bold bets, fail, and learn every day. There is always a way.

Own It: Be an owner. We are drivers not passengers and own the quality and outcomes of our work.

Employee benefits

Unplug Days

Kong encourages taking well-deserved long weekends where the entire team unplugs to rest and recharge.

Equity Participation

Kongers are offered stock options to share in the success of the company, aligning employee and company growth.

Virtual Team Events

Kong hosts virtual events, donut chats, trivia, and fitness challenges to keep team members connected and engaged.

Office Stipend

Kong offers an office stipend to help employees build a home office environment tailored to support their productivity.
