Manager, Compliance

Manager, Compliance Get to Know Us Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find, fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by IT Ops/SecOps teams, consulting pentesters, and MSSPs and MSPs. We are a fusion of former U.S. Special Operations cyber operators, startup engineers & operators, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools and false positives, resulting in alert fatigue, blind spots, "checkbox” security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn it alls, committed to a culture of respect, collaboration, ownership, and results. What You’ll Do We are seeking a Manager, Compliance to lead our Compliance, Privacy, and Third-Party Risk programs. This is a hands-on leadership role for someone who can set direction, develop talent, and stay close enough to the work to guide audits, drive cross-functional execution, and improve trust with customers, regulators, and partners. This role will lead the team responsible for maintaining and maturing our compliance and privacy capabilities across the business. The ideal candidate brings strong experience in GRC, data privacy, third-party risk, and customer assurance, along with the ability to partner effectively across Security, Engineering, IT, Legal, HR, Sales, and Customer Success. By strengthening our compliance posture and enabling scalable trust programs, this role will directly support the security, resilience, and growth of our business. This role will be responsible for….. - Lead, coach, and grow the Compliance team, including ownership of compliance operations, privacy, third-party risk management, and customer assurance - Set priorities and operating rhythms for the team, balancing strategic program maturity, customer-facing support, audit readiness, and cross-functional execution - Serve as the internal lead for compliance efforts, including control mapping, evidence collection, audit coordination, and continuous improvement of the control environment - Maintain and improve compliance against frameworks such as, but limited to: SOC 2, ISO 27001, NIST AI RMF, ISO 42001, DORA, UK Cyber Essentials, FedRAMP, and/or NIST 800-53 - Collaborate with cross-functional teams including Engineering, IT, Legal, HR, Product, Sales, and Customer Success to implement and validate control requirements - Oversee the organization’s data privacy program, ensuring compliance with GDPR, CCPA/CPRA, EU AI Act, and emerging U.S. state privacy laws - Maintain records of processing activities (RoPAs), manage data subject access requests (DSARs), and conduct privacy impact assessments (PIAs) - Partner closely with Legal and Product to advise on privacy-by-design, data minimization, and transparency practices - Own and manage the third-party risk management lifecycle, including onboarding reviews, periodic reassessments, contract/privacy reviews, and ongoing risk tracking - Conduct security and privacy due diligence on new vendors and partners supporting the SaaS product - Maintain a current inventory of vendors, subprocessors, and associated risk assessments - Serve as the primary point of contact for customer security questionnaires, RFPs, customer audits, and due diligence requests - Leverage existing documentation such as the SOC 2 report, pentest reports, whitepapers, and DPAs, while partnering with SMEs ... (truncated, view full listing at source)