IT & Information Security Compliance Manager (Automation & Certifications)

Are you ready to shape the future of authentication? Join 1Kosmos and help lead the next wave in identity assurance and passwordless innovation. 1Kosmos is driving the future of identity security, empowering organizations to eliminate passwords and establish trust at every step of the identity lifecycle. As a vibrant team of innovators, we develop advanced authentication solutions trusted by some of the world’s leading brands. Join us as we create a passwordless world and set new standards for digital identity assurance. We are seeking an IT & Information Security Compliance Manager to own and strengthen our company’s security and compliance posture across frameworks such as SOC 2, ISO 27001, FedRAMP High, and NIST. This is a hands-on operational leadership role (not a CISO), focused on ensuring audit readiness, control implementation, IT governance, and continuous improvement of our security programs. The ideal candidate will combine a strong understanding of infrastructure and security controls with experience automating compliance workflows using tools like Drata or Vanta. Key Responsibilities Lead and maintain enterprise security and compliance programs aligned with SOC 2, ISO 27001/27002, FedRAMP High, and NIST 800-53/171 frameworks. Build and manage automated compliance monitoring and evidence collection through Drata, Vanta, or equivalent platforms; integrate these with internal systems (ticketing, HRIS, cloud providers, etc.). Prepare for and manage SOC 2 Type I/II, ISO audits, and FedRAMP readiness assessments: gap analysis, documentation, remediation, and control testing. Partner with IT Operations and Engineering to ensure security controls are embedded in infrastructure, cloud, network, and identity systems. Maintain and update security policies, SSPs, POA&Ms, and other audit documentation. Oversee incident response, change management, and vendor risk programs to ensure consistent compliance coverage. Manage relationships with external auditors and compliance assessors. Define and track metrics for audit readiness, risk posture, and compliance automation efficiency. Stay current with evolving compliance frameworks and technologies that can improve assurance automation. Champion security awareness, training, and continuous improvement across the organization. Qualifications Must-Have 6 + years of experience in IT security, compliance, or risk management within a SaaS or regulated technology environment. Proven experience managing SOC 2 and ISO 27001 programs end-to-end; exposure to FedRAMP High or NIST 800-53 is a plus. Hands-on use and administration of Drata, Vanta, Tugboat Logic, or equivalent compliance automation platforms. Familiarity with AWS/Azure/GCP cloud environments, identity & access management, and IT operations. Strong technical understanding of security controls: network, endpoint, access, configuration management, logging/monitoring, vulnerability management. Excellent documentation and communication skills — able to translate control requirements into clear operational actions. Experience leading internal or external audits and managing evidence collection efficiently. Based in (or willing to relocate to) Edison, NJ and work on-site with our leadership and operations teams. Preferred Certifications such as CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor, or FedRAMP Practitioner. Experience managing or improving IT operations processes with a compliance lens. Familiarity with compliance automation APIs or integration scripting is a bonus.

Benefits:

Comprehensive health, dental, and vision coverage 401(k) Paid time off Professional development budget Certification reimbursement