Compliance Manager SOC 2 / GDPR


TYPE OF WORK

Any

SALARY

$2100

HOURS PER WEEK

30

DATE POSTED

Oct 23, 2024

JOB OVERVIEW

Company Overview
We are a cloud-based service provider specializing in secure email communication and filtering solutions. For the past 3 years we have maintained SOC 2 Type 2 attestation (SOC 2 is an auditor's attestation report rather than a certification) and held ourselves to high standards of security and compliance. We are committed to further improving the delegation of responsibility and our internal compliance practices. Our infrastructure runs primarily in AWS, and we handle a wide range of customer data securely across our services.

Our customer support department serves as the first point of contact for our clients, addressing queries and concerns efficiently. We are looking to hire a part-time Compliance Manager to manage our SOC 2 and GDPR compliance, policies, and internal processes, using an online compliance management tool to track and streamline these activities.

Job Description
The Compliance Manager will be responsible for maintaining and improving our compliance posture with respect to SOC 2, GDPR, and other applicable regulations. This role will oversee the management of compliance documentation, internal audits, and the implementation of security controls. The Compliance Manager will work closely with customer support, IT, and other stakeholders to ensure ongoing compliance.

Leveraging Modern Tooling and AI
We prize efficiency and innovation and encourage the use of modern tooling, including Large Language Model (LLM)-based AI tools, to optimize workflows, automate repetitive tasks, and improve accuracy. The ideal candidate will be expected to:
Utilize LLMs and AI-based tools to accelerate tasks such as policy generation, audit evidence documentation, and compliance checklists.
Implement automation technologies to streamline compliance tasks, improving both the quality and speed of audit preparation, evidence collection, and data analysis.
Stay informed of emerging AI and automation tools to continuously improve compliance processes and reduce manual overhead.

Key Responsibilities

SOC 2 Compliance Management:
Oversee ongoing compliance with the SOC 2 Trust Services Criteria, ensuring controls related to security, availability, confidentiality, and privacy are consistently enforced.
Manage and track tasks within an online SOC 2 compliance management tool, ensuring all deadlines and requirements are met.
Prepare evidence and documentation for SOC 2 Type 2 audits, building on our previous audit experience.

GDPR Compliance:
Manage compliance with GDPR, including overseeing processes related to data subject access requests, data breach notifications, and cross-border data transfer agreements.
Ensure ongoing adherence to GDPR requirements in day-to-day operations, coordinating with the customer support team to handle any customer-related GDPR inquiries.

Compliance Tool Management (this is the BIGGEST PART OF THIS ROLE):
Use our online compliance management platform, Secureframe (secureframe.com), to track, document, and maintain all compliance-related tasks, evidence, and deadlines.
Regularly update the system with new policies, audit evidence, and controls to ensure audit readiness.

Policy & SOP Development:
Draft and maintain internal policies and standard operating procedures (SOPs), ensuring they align with SOC 2, GDPR, and other regulatory requirements.
Collaborate with department heads to ensure SOPs are implemented and followed effectively.

Audit Preparation & Management:
Coordinate internal and external audit activities, ensuring all documentation and evidence required for SOC 2 Type 2 audits is available and up to date.
Ensure customer-facing teams are aware of compliance protocols and help prepare the necessary evidence for the audit process.

Incident Response and Data Breach Management:
Develop and manage the response plan for security and data breach incidents, ensuring notifications to the supervisory authority (within the 72-hour window GDPR sets for personal data breaches) and to affected customers are handled appropriately.
Track all incidents and ensure they are recorded in the compliance management tool for record-keeping and audit purposes.

Continuous Process Improvement:
Review internal processes regularly to identify areas for improvement.
Make recommendations to streamline compliance efforts, improve documentation practices, and enhance collaboration between teams (such as customer support, IT, and legal).
Technical and Experience Requirements

Experience in Compliance Management:
3-5 years managing SOC 2, GDPR, or other relevant compliance frameworks.
Familiarity with compliance requirements for cloud-based services, particularly in AWS environments.

Familiarity with SOC 2 Tools:
Experience using an online SOC 2 compliance management tool to track compliance activities, audits, and evidence.

Technical Understanding:
Solid understanding of cloud infrastructure security (AWS preferred) and how security controls map to compliance requirements.
Experience managing security incidents and coordinating between technical and non-technical teams to resolve compliance issues.

Documentation Skills:
Strong ability to create, update, and manage compliance-related documentation (policies, SOPs, evidence logs).
Experience preparing audit documentation and ensuring all documentation is accessible and up to date.

Communication and Collaboration:
Ability to communicate compliance needs clearly across departments, including customer support, IT, and external auditors.
Strong organizational skills to manage multiple projects and timelines effectively.

Key Tools & Platforms
Secureframe: For managing SOC 2 compliance tasks, audits, and evidence.
Google Workspace: For managing documentation and collaboration.
YouTrack: For incident tracking and task management.
Freshdesk (Freshworks): For managing customer inquiries related to compliance and GDPR.

Compensation
Part-Time Role: Estimated [XX] hours per week, with flexible working hours.
Competitive hourly rate or salary based on experience.
Fully remote position.
