Security and Compliance Manager
Remote · Serbia
Job Summary
The Security and Compliance Manager is responsible for owning and improving Semaphore's security, compliance, and customer assurance program. You will maintain SOC 2 and ISO 27001 readiness, manage audit coordination and evidence, keep policies and controls current, handle customer security questionnaires and vendor assessments, maintain risk, privacy, and DPA workflows, and collaborate with Engineering, Infrastructure, Legal, and Leadership to validate controls and governance, including emerging needs around internal AI use. The role is remote and based in Serbia. It requires 3+ years in relevant disciplines, the ability to communicate complex compliance topics to non-specialists, and the ability to coordinate cross-functional efforts end-to-end.
Required Qualifications
- Based in Serbia with 3+ years of experience in IT compliance, information security, risk management, privacy, audit, operations, or a related role with real ownership and accountability.
- Working knowledge of security, compliance, audit, or risk-management practices, with the ability to learn frameworks such as SOC 2 and ISO 27001 quickly.
- Experience owning or coordinating an important process end-to-end, such as audit evidence, policies, risk tracking, vendor reviews, customer questionnaires, access reviews, internal controls, or cross-functional operations.
- Strong written communication skills and the ability to make compliance topics clear to non-specialists.
- Good judgment: you can distinguish between real risk, audit formality, and unnecessary process.
- Ability to work independently in a remote company and keep many moving pieces organized.
Nice to Have
- Direct experience with SOC 2, ISO 27001, SaaS, cloud infrastructure, developer tools, or enterprise software.
- Familiarity with GDPR, DPAs, privacy operations, or customer assurance workflows.
- Experience working with Engineering or Infrastructure teams on security controls.
- Exposure to AI governance, third-party risk management, or security tooling, especially in companies adopting AI internally.
- Relevant certifications such as Security+, ISO 27001, CISA, CISSP, CIPM, CIPP/E, or similar.