SecureLogix Linkedin · Posted 2mo ago

Product Security Assurance & Compliance (PSAC) Manager

San Antonio, Texas, United States




Position Summary

SecureLogix Product Security Assurance & Compliance Manager will own and drive the company's Product Security Assurance & Compliance (PSAC) Program. Organizationally embedded within Product and reporting to the SVP of Product, this role directly supports revenue growth, security posture improvement, and organizational resilience. While the primary workflow of this role is driven by the sales cycle and customer-facing security requirements, the PSAC Manager operates with cross-functional accountability to Engineering, IT, Legal, and executive leadership — and maintains independence in the accuracy and integrity of all security assessments and responses, regardless of deal context.


This is a compliance, documentation, and program management role — not a hands-on IT operations position. However, it demands deep product fluency. The PSAC Manager is expected to develop a thorough, systems-level understanding of SecureLogix products and platform architecture, including how they handle data, authenticate users, integrate with customer environments, and expose potential security considerations.


Essential Duties and Responsibilities

1. Security Documentation Audit & Consolidation

The PSAC Manager will begin by conducting a comprehensive audit of all existing security-related documentation across the enterprise — spanning SLC Corporate, Development, and Operations. A key finding from a recent customer assessment identified fragmented and duplicated documentation as an organizational risk. Addressing this is a Day 1 priority.

• Inventory all existing security policies, procedures, standards, and evidence artifacts across the organization.

• Identify duplicate, conflicting, or outdated documentation and consolidate into a single, authoritative source of truth.

• Establish a version-controlled, centralized documentation repository accessible to authorized personnel.

• Define and enforce documentation governance standards to prevent re-fragmentation over time.


2. Gap Analysis & Security Posture Improvement

Using enterprise customer security questionnaires as a diagnostic baseline, the PSAC Manager will systematically identify and prioritize gaps in SecureLogix's security controls, policies, and documentation.

• Conduct a structured gap analysis mapped to relevant frameworks (NIST CSF, ISO 27001, CIS Controls, etc.) and customer requirements.

• Maintain a prioritized remediation roadmap with clear ownership, timelines, and measurable outcomes.

• Track remediation progress and provide regular status reporting to executive leadership.

• Use recurring questionnaire themes to proactively identify systemic gaps before they surface in customer engagements.


3. Customer Security Assessment & Questionnaire Management

The PSAC Manager is the primary owner for all inbound security assessments, questionnaires, and due diligence requests — across new sales opportunities and existing customer relationships.

• Manage the full lifecycle of all inbound questionnaires (SPSRD, SIG, CAIQ, HECVAT, custom).

• Build and maintain a centralized repository of pre-approved responses and supporting evidence artifacts to enable rapid, consistent turnaround.

• Collaborate with Engineering, IT, Legal, and executive leadership to gather accurate technical and policy information.

• Track all assessment timelines and ensure on-time delivery to support active sales cycles.

• Leverage assessment responses to inform gap analysis and product-level risk identification (see Product Risk section below).


4. Internal Security Q&A Automation

Security questions originate from across SecureLogix — not just inbound customer questionnaires. Account teams, Operations staff, Finance, and executive leadership regularly field security-related inquiries in the course of normal business (customer calls, SOW negotiations, onboarding discussions, etc.). The PSAC Manager will design and implement an automated internal solution to address this.

• Design and deploy an internal, self-service security Q&A tool enabling any authorized SecureLogix employee to quickly retrieve accurate, pre-approved answers to common security questions.

• Establish an escalation workflow: questions that do not return a sufficient answer are automatically flagged and routed to the PSAC Manager for resolution and knowledgebase enrichment.


5. Product-Level Security Fluency & Risk Identification

This is a distinguishing requirement of the role. The PSAC Manager must develop and maintain a deep, systems-level understanding of SecureLogix products — not as a developer, but as a security-focused analyst who can read architecture documentation, understand data flows, evaluate integration patterns, and engage credibly with Engineering on security-relevant questions.

• Invest time to achieve a thorough understanding of SecureLogix product architecture, data handling, authentication mechanisms, and customer-facing integrations.

• Maintain fluency sufficient to accurately map product behavior to security controls and framework requirements when responding to customer assessments.

• Identify product-level security risks or deficiencies surfaced through customer questionnaires, assessments, or gap analysis.

• Submit product security improvement ideas through the formal Product Management process for prioritization and review — serving as an informed contributor to the product security roadmap.

• Collaborate with Product Management and Engineering to ensure new features and enhancements are evaluated against documented security policies prior to release.

• Sign-off on feature releases to ensure compliance with documented security policies and practices.


6. Security Certifications & Compliance Programs

• Lead planning, execution, and maintenance of security certifications including ISO 27001 and other frameworks as required.

• Manage certification project plans, timelines, and milestones from scoping through audit completion.

• Coordinate with external auditors, assessors, and consultants throughout the certification lifecycle.

• Identify and remediate control gaps in collaboration with IT and Engineering to achieve and maintain certification readiness.


7. Security Policy & Documentation Development

• Develop, maintain, and continuously improve security policies, standards, and procedures aligned to NIST CSF, CIS Controls, ISO 27001, and customer requirements.

• Maintain a controls matrix mapping organizational controls to multiple frameworks and customer requirements.

• Manage the organization's risk register, including regular risk assessments and treatment plans.

• Develop and maintain an AI security policy addressing emerging AI/ML risks and usage.

• Ensure all security documentation is current, version-controlled, and audit-ready at all times.


8. Sales Enablement & Customer Trust

• Partner with Sales to address security concerns during the sales cycle, participating in customer calls and presentations as the security subject matter expert.

• Develop customer-facing security materials: whitepapers, trust center content, compliance summary sheets, and presentation-ready security briefings.

• Proactively identify certification or compliance milestones that will strengthen competitive positioning.


9. AI Security Awareness & Internal Coordination

• Maintain and deliver the employee AI security awareness training program, including onboarding and annual refresher training.

• Coordinate with IT to ensure technical controls align with documented policies and compliance requirements.


Required Qualifications

• Education: Bachelor's degree in Information Security, Cybersecurity, Business, or related field (or equivalent professional experience).

• Experience: 4+ years in information security compliance, GRC, or security audit/assessment roles.

• Questionnaire Mgmt: Extensive hands-on experience responding to customer security assessments and third-party questionnaires.

• Framework Knowledge: Strong working knowledge of NIST CSF, CIS Controls, ISO 27001.

• Technical Fluency: Demonstrated ability to read and understand technical architecture documentation, data flow diagrams, and API/integration specifications — sufficient to engage credibly with Engineering and accurately represent product behavior in security assessments.

• Technical Writing: Excellent skills producing clear, accurate, and professional security documentation for internal and customer-facing audiences.

• Project Management: Ability to manage multiple concurrent certification and assessment timelines with clear ownership and accountability.



Preferred Qualifications

• Industry certifications: CISSP, CISM, CISA, CRISC, CCSK, or CompTIA Security+.

• Familiarity with Microsoft 365 security and compliance tooling (Purview, Defender, Entra ID).

• Experience working in or supporting a sales organization with security compliance responsibilities.

• Background in telecommunications, VoIP, or enterprise security products.

• Experience with GRC platforms (Vanta, Drata, OneTrust, or similar).

• Experience designing internal knowledge management or Q&A automation systems.

• Knowledge of AI security policy development and emerging AI/ML risk frameworks.

• Experience managing compliance in a small-to-midsize enterprise (50-150 employees) with limited resources.


Work Environment

• Remote — eligible states: AZ, CA, CO, CT, FL, GA, IL, IN, KS, MD, MA, MO, NC, NJ, NY, OH, PA, SC, TX, VA, TN, WI

• Maintains independence in security assessment accuracy and integrity; cross-functional accountability extends to executive leadership for escalation of significant security risks or gaps.

• Collaborative, technology-focused culture with a strong emphasis on security as a competitive differentiator.


Compensation & Benefits

SecureLogix offers a competitive salary commensurate with experience, along with a comprehensive benefits package.

