Sr. Manager, Security, Risk & Compliance

What You'll Do

Ensure Customer Trust

• Customers trust their data on our systems. Your #1 priority is ensuring customers continue to trust SCW’s systems, product and risk frameworks.
• Ensure Sales Engineering can execute enterprise customer security reviews, DPA’s, complete RFPs and security diligence quickly and efficiently.
• Work closely with Legal, Sales and Revenue in the customer onboarding process to translate complex security requirements into clear, customer-friendly language.
• Maintain SCW Trust Centre and our Helpdesk security pages (https://help.securecodewarrior.com/hc/en-us/categories/360001983011-General-FAQs-more).
• Participate in customer cyber conversations and represent SCW’s security posture with credibility and clarity.

Lead Security, Risk, Compliance & AI Governance

• Lead security compliance activities across frameworks such as SOC2, ISO 27001, ISO42001, EU regulations (GDPR, CRA, NIS2), AI-specific regulations, and other evolving global standards.
• Participate in SCW’s evolving Data (AI) Governance program SCW’s AI governance program, including safe AI use, data governance rules, and updating our Generative AI Acceptable Use Policy.
• Provide both strategic guidance and hands-on execution for GRC initiatives.

Cross-Functional Partnership

• Partner with Engineering & Product, Corporate IT and Business Ops to embed security-by-design across the company.
• Review new product capabilities and business initiatives to ensure alignment with security and privacy requirements.

Governance, Reporting & Program Ownership

• Co-develop SCW’s GRC strategy with the CFO and General Counsel.
• Drive the Information Security Committee: agendas, follow-ups, speakers, and cross-functional alignment.
• Oversee incident response, business continuity, disaster recovery planning, and compliance.
• Prepare and deliver reports to Senior Leadership, the Audit Committee, Board of Directors, and key investors.

Security Education, Awareness & Vendor Management

• Lead internal security awareness training.
• Manage vendor risk assessments from procurement through ongoing monitoring.
• Own the assessment and completion of external security questionnaires.

What You'll Bring

• 7–10+ years of relevant security, risk, or compliance experience in Enterprise SaaS environment5+ years directly in Security/GRC roles.
• Experience in mid–late stage startups or scale-ups.
• Hands-on involvement with SOC 2, ISO 27001, GDPR, NIST, or similar frameworks.
• Experience working closely with Sales, Legal, and Product teams as a security SME.Strong technical understanding of cloud, application security, and modern infrastructure.
• AI security and governance exposure, including LLM threat modeling, AI data privacy considerations, and modern AI attack surfaces.
• Ability to communicate complex topics simply - to executives, engineers, and customers.
• One or more relevant certifications preferred (CISM, CISSP, CISA, CRISC, ISO 27001 Lead Auditor/Implementer, etc.)

Highly Valued

• AWS experience.
• Ability to balance pragmatism with strong security practices.
• Strong commercial awareness; able to support growth without compromising security.
• Self-starter mindset with the ability to operate independently in a fast-paced environment.A collaborative, supportive working style and willingness to help others succeed.
• Growth mindset - confidence navigating a fast-moving AI and security landscape.

The Impact You'll Have

• In your first 12 months, success looks like:
• A modernized, scalable GRC strategy aligned with SCW’s AI-first product direction.
• Strong customer trust demonstrated through faster deal cycles and smoother reviews.
• A clear, company-wide security narrative communicated consistently across teams.
• A security posture that supports innovation.
• Well-governed vendor risk processes across the business.
• Robust, consistent policies and training that help employees work securely.