Manager, Information Security Compliance & Audit Programs
WorkAxle
Reports to: Chief Operating Officer
Location: Remote
Position Summary
We are seeking a detail-oriented, execution-focused compliance and audit professional to join our organization as Manager of Information Security Compliance & Audit Programs. Reporting to the COO, this individual will run the day-to-day operations of our ISO 27001:2022 Information Security Management System (ISMS) and ISO 27018:2019 Cloud Privacy Program, as well as our SOC 2 Type II controls and audits. This role will be responsible for performing the hands-on work required to maintain certification, manage audit readiness, execute continuous improvement initiatives, conduct vendor assessments, and carry out risk management activities across all compliance frameworks. The ideal candidate has worked within mature security compliance programs, written and maintained policies and procedures, performed vendor risk assessments, coordinated recurring audits, and contributed to cross-functional compliance maturity in SaaS or cloud environments. They will also apply AI and automation tools within compliance, risk, and audit processes—using emerging technologies to increase accuracy, streamline evidence management, and improve organizational readiness while maintaining compliance with global privacy and AI governance standards.
Program Governance & Continuous Compliance
- Run and maintain the company’s ISO 27001:2022 and ISO 27018:2019 certifications and SOC 2 Type II program as an integrated compliance framework on a day-to-day basis.
- Perform ongoing compliance activities, control effectiveness testing, and evidence collection to maintain certification status.
- Conduct internal audit cycles, coordinate external surveillance and recertification audits, and execute annual SOC 2 Type II renewals.
- Implement continuous improvements to the ISMS, SOC 2 controls, and supporting governance frameworks to advance compliance maturity.
- Build and maintain compliance roadmaps, control libraries, and KPIs and prepare reports for senior leadership and the board.
- Apply automation and AI-driven tools to compliance monitoring and control testing to improve speed, accuracy, and visibility across frameworks.
Policy, Procedure & Control Framework Management
- Write, update, and manage information security, privacy, and compliance policies and procedures in alignment with ISO 27001:2022, ISO 27018:2019, SOC 2 Type II, and relevant regulatory frameworks (e.g., GDPR, CCPA).
- Document and maintain the control framework, including ownership assignments, control mapping, evidence repositories, and testing schedules.
- Align controls across frameworks to reduce redundancy and maximize audit efficiency.
- Manage documentation within GRC or compliance management platforms (e.g., Carbide, Vanta, Drata, Tugboat Logic).
- Verify that AI-assisted tools used in control documentation, mapping, and monitoring follow governance best practices (e.g., transparency, bias prevention, and data security in accordance with ISO 27018:2019).
- Create internal guidelines and awareness materials for responsible AI use in compliance operations.
Risk Management
- Execute and maintain the organization’s risk management program, including performing risk identification, assessment, treatment planning, and monitoring.
- Maintain the risk register, conduct risk reviews with business units, and prepare reports on risk trends, residual exposure, and mitigation progress.
- Ensure risk processes align with ISO 27001:2022 Annex A controls and SOC 2 Trust Services Criteria.
- Facilitate risk acceptance processes and track treatment plans through closure.
- Incorporate AI systems and automation initiatives into the enterprise risk assessment process, evaluating potential risks around data integrity, bias, explainability, and compliance with applicable AI governance standards (e.g., NIST AI RMF, ISO/IEC 42001).
- Work with business units to ensure that AI adoption in operations aligns with the company’s risk appetite, ISO 27001:2022 framework, and SOC 2 Type II obligations.
Vendor & Third-Party Assurance
- Run the vendor risk management program, ensuring that security, privacy, and compliance expectations are contractually embedded and monitored.
- Perform vendor assessments, reviews, and periodic re-evaluations to verify compliance with ISO 27018:2019 and SOC 2 control expectations.
- Coordinate with Legal, Procurement, and IT to evaluate new vendors, assess risks, and ensure data protection agreements are in place.
- Collect and maintain evidence and documentation to support audit requirements for third-party assurance.
- Review vendor-provided AI or automation tools for compliance with security, privacy, and transparency requirements under ISO 27018:2019 and SOC 2 Trust Services Criteria.
- Require vendors to disclose use of AI-driven automation in security or compliance tooling and document associated controls.
Audit Coordination & Evidence Management
- Serve as primary point of contact for internal and external auditors during ISO and SOC 2 audits.
- Manage the audit cycle calendar, scope definition, readiness testing, evidence collection, and corrective action tracking.
- Execute post-audit remediation, track action items, and maintain detailed documentation to demonstrate compliance maturity.
- Work cross-functionally (Security, IT, HR, Engineering, Product, and Legal) to ensure timely audit responses and control ownership accountability.
- Use AI-enabled platforms to automate evidence tagging, summarization, and gap detection to reduce manual effort and improve audit readiness efficiency.
Stakeholder Collaboration & Communication
- Work with IT, Engineering, Security, Product, HR, Legal, and Operations to embed controls and improve compliance processes.
- Deliver compliance training and awareness programs for employees and vendors.
- Communicate audit and compliance information in business-friendly terms for executives, board members, and customers.
- Support the organization during customer security reviews and RFP responses as a subject-matter resource for compliance posture.
- Help stakeholders understand and adopt the safe, ethical, and efficient use of AI technologies within compliance workflows and operational processes.
Continuous Improvement, AI & Automation
- Research and test emerging compliance tools, automation platforms, and process improvements to streamline evidence collection, control testing, and reporting.
- Track evolving regulatory and certification standards and update policies and controls accordingly.
- Build and maintain compliance KPIs and dashboards to measure program maturity and effectiveness.
- Execute initiatives that align compliance value with customer trust and operational excellence.
- Test and implement emerging AI-driven compliance and audit tools that support evidence analysis, control mapping, and predictive risk insights.
- Monitor evolving AI governance standards (ISO/IEC 42001, NIST AI RMF) to ensure alignment with organizational controls.
- Apply AI-assisted data analytics, compliance dashboards, and automated reporting to enhance decision-making and audit transparency.
Required Qualifications
- Bachelor’s degree in Information Security, Computer Science, Business, or related field; Master’s a plus.
- 5–8+ years of experience in information security compliance, audit, or risk management, with hands-on program execution experience.
- Direct experience running ongoing ISO 27001 and SOC 2 Type II programs—not just initial certification.
- Working knowledge of ISO 27018:2019 and privacy frameworks for cloud or SaaS environments.
- Solid understanding of Trust Services Criteria, risk management methodologies, and ISMS principles.
- Demonstrated success participating in and coordinating external audits with minimal findings.
- Strong communication, policy-writing, and cross-functional coordination skills.
- Hands-on experience with GRC and compliance platforms (e.g., Carbide, Tugboat Logic, Drata, Vanta, LogicGate).
- Preferred certifications: CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, CISA.
Preferred Attributes
- Experience in a SaaS or product-based company serving enterprise customers.
- Ability to translate complex control and risk language into operationally actionable steps.
- Track record of reducing audit friction through process improvement and automation.
- Hands-on doer comfortable both following established strategy and independently executing detailed tasks.
- Strong integrity, judgment, and ability to collaborate at all levels of the organization.
- Experience using AI or automation tools for compliance operations, risk analytics, or audit optimization.
- Working knowledge of AI governance, transparency, and ethical use frameworks.
- Ability to translate compliance requirements into AI-enabled workflows that reduce manual work and improve accuracy.
What We Offer
- Hands-on role reporting directly to the COO with visibility across the executive team.
- Opportunity to run and improve a mature compliance program with both ISO 27001:2022 and SOC 2 Type II certifications.
- Contribute to how compliance, privacy, and security intersect across the company’s product and operations.
- Competitive compensation, comprehensive benefits, and a culture focused on innovation, transparency, and trust.
- An opportunity to be at the center of how a modern compliance organization leverages AI and automation responsibly to drive efficiency, assurance, and innovation.