
GRC Program Manager

Speed up time to market by unleashing developer productivity, automating security, and streamlining API management.

Kong

Employee count: 201-500

India only


Are you ready to power the World's connections?

If you don’t think you meet all of the criteria below but are still interested in the job, please apply. Nobody checks every box - we’re looking for candidates that are particularly strong in a few areas, and have some interest and capabilities in others.

The Compliance Program Manager is responsible for end-to-end ownership of Kong’s compliance programs, acting as an internal auditor, ensuring continuous audit readiness, and managing external audits across Kong’s product portfolio.

This role leads compliance monitoring activities, identifies and tracks control gaps, maintains security policies and processes, and works closely with Customer Assurance, Security, Engineering, and Product teams to drive remediation and to obtain and maintain certifications such as ISO 27001 and SOC 2 Type II.

Key Responsibilities

  • Act as an internal auditor, continuously assessing the effectiveness of security and compliance controls across Kong’s products.

  • Ensure ongoing audit readiness for compliance frameworks including ISO 27001 and SOC 2 Type II.

  • Provide clear guidance on compliance requirements and expectations.

  • Plan and execute internal control reviews and readiness assessments.

  • Identify control gaps and weaknesses across Kong’s products and supporting processes.

  • Assess gaps against applicable compliance frameworks and regulatory requirements.

  • Document findings, risks, and recommendations in a clear and actionable manner.

  • Collaborate closely with Customer Assurance SMEs to remediate identified compliance gaps for their assigned products and align customer-facing assurance responses with actual control implementation.

  • Partner with Security, Engineering, SRE, Product, Legal, and IT teams to drive remediation efforts.

  • Track remediation activities and ensure timely closure of findings.

  • Provide risk-based guidance and prioritization to stakeholders.

  • Own and execute continuous compliance monitoring activities across all Kong products.

  • Validate that controls remain implemented and effective as products, systems, and processes evolve.

  • Monitor changes to compliance frameworks and assess their impact on Kong’s control environment.

  • Maintain compliance dashboards, metrics, and reporting for leadership.

  • External Audit Management

    • Own and manage external audits and assessments end-to-end, including auditor engagement and coordination, audit planning and timelines, and evidence request management.

    • Facilitate evidence collection, validation, and submission across teams.

    • Serve as the primary point of contact for auditors and assessors.

    • Track audit findings and ensure appropriate remediation and closure.

  • Security Policy & Process Management

    • Own the development, maintenance, and periodic review of security and compliance policies, standards, and procedures.

    • Ensure policies remain aligned with compliance framework requirements and actual operational practices.

    • Drive policy awareness and adoption across the organization.

    • Support updates to policies based on audit findings, risk assessments, and organizational changes.

Required Qualifications

  • 8+ years of experience in Compliance, GRC, Security, or Risk Management roles.

  • Strong working knowledge of ISO 27001 and SOC 2 Type II.

  • Proven experience acting as an internal auditor or compliance program owner.

  • Hands-on experience managing external audits and assessments.

  • Experience supporting multiple products or business units in a SaaS or technology organization.

  • Understanding of control design, implementation, and testing.

  • Familiarity with risk assessment and continuous compliance models.

  • Ability to understand and assess controls in SaaS, cloud, and hybrid environments.

  • Experience working with Engineering and SRE teams on technical controls.

  • Strong documentation and evidence management skills.

  • Excellent written and verbal communication skills.

  • Ability to clearly explain compliance requirements and audit findings to technical and non-technical stakeholders.

  • Strong cross-functional collaboration and stakeholder management skills.

  • Bachelor’s degree in Information Security, Computer Science, Risk Management, or a related field, or equivalent experience.

  • Certifications such as CISSP, CISA, CRISC, ISO 27001 Lead Implementer or Lead Auditor are preferred, but not mandatory.

About Kong:

Kong Inc., a leading developer of cloud API technologies, is on a mission to enable companies around the world to become “API-first” and securely accelerate AI adoption. Kong helps organizations globally — from startups to Fortune 500 enterprises — unleash developer productivity, build securely, and accelerate time to market. For more information about Kong, please visit www.konghq.com or follow us on X @thekonginc.

About the job

Job type: Full Time

Experience level: Manager

Hiring timezones: India +/- 0 hours

About Kong


Kong powers the API world

Kong provides the foundation that enables any company to become an API-first company — speeding up time to market, creating new business opportunities, and delivering superior products and services.

Built on the world’s most adopted API gateway, Kong’s unified cloud API platform delivers fast, reliable, secure digital experiences. With Kong, organizations can increase developer productivity, security, and performance at scale with a single easy-to-use platform for API management, service mesh, and ingress controller.

We put customers at the heart of everything we do. That’s why everyone from e-commerce startups to the world’s leading biotech companies trust Kong to run mission-critical applications.

We embody open source and everything it stands for. We foster a culture of individualism — encouraging our people to bring new ideas and innovations, regardless of level and function.

How we do it

We’re passionate about solving the challenges that will fundamentally shape the future of tech. If you believe in taking ownership of your work, making an impact, and having fun along the way, come join us!

Global: Be Inclusive. We work together from anywhere to achieve our common goals. Our differences make us stronger.

Real: Be Authentic. We are genuine, principled and confident without arrogance. Show respect and kindness, especially in tough moments.

Unstoppable: Be Relentlessly Resourceful. We work with purpose, obsession and grit. It takes muscle to do hard things and doing hard things builds muscle.

Champions: Be Customer Obsessed. We care. Customers are everything; we put them at the center of everything we do. We are all empowered to make an impact.

Explorers: Be Curious. We value ideas over hierarchy. Never accept the status quo. We make bold bets, fail, and learn every day. There is always a way.

Own It: Be an owner. We are drivers not passengers and own the quality and outcomes of our work.

Employee benefits


Unplug Days

Kong encourages taking well-deserved long weekends where the entire team unplugs to rest and recharge.

Equity Participation

Kongers are offered stock options to share in the success of the company, aligning employee and company growth.

Virtual Team Events

Kong hosts virtual events, donut chats, trivia, and fitness challenges to keep team members connected and engaged.

Office Stipend

Kong offers an office stipend to help employees build a home office environment tailored to support their productivity.
