Compliance Manager
ActiveCampaign
Legal, Sales & Business Development
Chicago, IL, USA
Posted on Mar 20, 2025
We are seeking a Compliance Manager to contribute to the continued development and growth of our risk management and compliance program. This individual will be responsible for improving a global risk and compliance security program at a fast paced international company. This position serves as the internal compliance manager that will oversee and be responsible for the designing, implementing, supporting and maintaining of policies and security solutions to support ActiveCampaign’s SOC2 and ISO 27001 within a SaaS application environment. The Compliance Manager is responsible for managing and executing several simultaneous initiatives and must be highly organized.
What your day could consist of:
- Champions and leads the ISMS program at an enterprise level, including the development and management of policies and procedures
- Works within the cross-functional team members and departments to internally audit and collect evidence for implemented security controls
- Responsible for working with Customer Success resources to assist with information security questionnaires and RFI’s for customers, partners and vendors
- Development and maintenance of a security and compliance knowledge base, utilized to respond to information security questionnaires and RFI’s
- Prepares metrics on the effectiveness of the compliance programs, including implementation KPIs for initiatives
- Leads the ISO 27001 and SOC2 / Type 2 program, working with internal and external auditors
- Participates as a member of the Incident Response Team (IRT) to assist with oversight as it relates to the ISMS and SOC2 programs
- Schedules and supports third party pen testing, vulnerability monitoring, security audits, and risk assessments
- Audits and regularly evaluates company performance for compliance to information security standards
- Leads the operational risk board and maintains the risk registry
- Performs additional duties as required
- Assists with the development, rollout and delivery of security awareness training
- Works with the Procurement team to perform security related risk assessments within the supplier relationship management program
- Works with Legal new regulations and participates in discussions regarding new compliance needs
What is needed:
- BS in Computer Science, Information Systems, IT or equivalent experience
- 5+ Years’ experience within an information technology/security role supporting cloud-based solutions
- Excellent written and verbal communication skills for effective interaction with team members, customers, partners, and auditors
- Experience with ISMS governance models (such as NIST), information security roles, and creating and implementing security controls ISO, ITIL, NIST, PCI, and SOC
- Strong risk management and auditing experience
- Experience with data privacy regulations such as GDPR and Privacy Shield
- Certification CISSP, CISA, CISM, CompTIA, GSEC, CEH, or similar certification relating to information security preferred
- Experience defining, driving, and executing a program vision with clear milestones