Manager, Compliance

Posted 24 Days Ago
Hiring Remotely in US
Remote
150K-185K Annually
Senior level
Artificial Intelligence • Cybersecurity
The Role
The Manager, Compliance will lead compliance, privacy, and third-party risk programs, ensuring regulatory adherence and enhancing organizational trust. Responsibilities include team leadership, cross-department collaboration, audit coordination, and maintaining compliance with frameworks like SOC 2 and ISO 27001.
Summary Generated by Built In

Get to Know Us

Horizon3.ai is a fast-growing, remote cybersecurity company dedicated to the mission of enabling organizations to proactively find, fix and verify exploitable attack vectors before criminals exploit them. Our flagship product, the NodeZeroTM platform, delivers production-safe autonomous pentests and other key assessment operations that scale across the largest internal, external, cloud, and hybrid cloud environments. NodeZero has been adopted by organizations of all sizes, from small educational institutions to government agencies and Global 100 enterprises. It is used by IT Ops/SecOps teams, consulting pentesters, and MSSPs and MSPs.

We are a fusion of former U.S. Special Operations cyber operators, startup engineers & operators, and formerly frustrated cybersecurity practitioners. We're committed to helping solve our common security problems: ineffective security tools and false positives, resulting in alert fatigue, blind spots, "checkbox" security culture, cybersecurity skills shortage, and the long lead time and expense of hiring outside consultants. Collectively, we are a team of learn-it-alls, committed to a culture of respect, collaboration, ownership, and results.

What You’ll Do

We are seeking a Manager, Compliance to lead our Compliance, Privacy, and Third-Party Risk programs. This is a hands-on leadership role for someone who can set direction, develop talent, and stay close enough to the work to guide audits, drive cross-functional execution, and improve trust with customers, regulators, and partners.

This role will lead the team responsible for maintaining and maturing our compliance and privacy capabilities across the business. The ideal candidate brings strong experience in GRC, data privacy, third-party risk, and customer assurance, along with the ability to partner effectively across Security, Engineering, IT, Legal, HR, Sales, and Customer Success. By strengthening our compliance posture and enabling scalable trust programs, this role will directly support the security, resilience, and growth of our business.

This role will be responsible for:

  • Lead, coach, and grow the Compliance team, including ownership of compliance operations, privacy, third-party risk management, and customer assurance

  • Set priorities and operating rhythms for the team, balancing strategic program maturity, customer-facing support, audit readiness, and cross-functional execution

  • Serve as the internal lead for compliance efforts, including control mapping, evidence collection, audit coordination, and continuous improvement of the control environment

  • Maintain and improve compliance against frameworks such as, but not limited to: SOC 2, ISO 27001, NIST AI RMF, ISO 42001, DORA, UK Cyber Essentials, FedRAMP, and/or NIST 800-53

  • Collaborate with cross-functional teams including Engineering, IT, Legal, HR, Product, Sales, and Customer Success to implement and validate control requirements

  • Oversee the organization’s data privacy program, ensuring compliance with GDPR, CCPA/CPRA, EU AI Act, and emerging U.S. state privacy laws

  • Maintain records of processing activities (RoPAs), manage data subject access requests (DSARs), and conduct privacy impact assessments (PIAs)

  • Partner closely with Legal and Product to advise on privacy-by-design, data minimization, and transparency practices

  • Own and manage the third-party risk management lifecycle, including onboarding reviews, periodic reassessments, contract/privacy reviews, and ongoing risk tracking

  • Conduct security and privacy due diligence on new vendors and partners supporting the SaaS product

  • Maintain a current inventory of vendors, subprocessors, and associated risk assessments

  • Serve as the primary point of contact for customer security questionnaires, RFPs, customer audits, and due diligence requests

  • Leverage existing documentation such as the SOC 2 report, pentest reports, whitepapers, and DPAs, while partnering with SMEs to provide accurate and timely responses

  • Support Sales, Customer Success, and Legal in accelerating deals by strengthening trust in our security and compliance posture

  • Create metrics, reporting, and risk narratives that communicate compliance posture, trends, and priorities to business owners and leadership

  • Identify opportunities to improve processes, tooling, and documentation that help the company scale its compliance and privacy programs efficiently

  • Demonstrate a commitment to integrity, process improvement, and customer satisfaction

  • Act as the primary owner for enterprise security risk, establishing and maturing the Risk Register to ensure all identified threats are centralized and tracked

  • Manage the comprehensive risk lifecycle, overseeing everything from initial detection and impact analysis to remediation tracking and formal sign-off

  • Implement a standardized risk scoring methodology that utilizes quantitative and qualitative metrics to drive objective prioritization across the entire organization

As a Manager, you will be responsible for:
  • Recruiting and onboarding talented individuals to support our organizational goals

  • Mentoring, coaching, equipping, and developing your team

  • Recognizing and retaining high performers

  • Leading horizontally with peer management and senior leaders

What You’ll Bring
  • Must have deep experience in Governance, Risk, and Compliance (GRC) within a B2B SaaS, cybersecurity, or similarly regulated technology environment

  • Must have a deep understanding of compliance frameworks such as SOC 2, ISO 27001, NIST AI RMF, DORA, and NIST 800-53, including experience leading annual audits

  • Must have expertise in GDPR, CCPA/CPRA, EU AI Act, and emerging U.S. state data privacy laws

  • Must have strong working knowledge of third-party risk management, vendor due diligence, and privacy/security review processes

  • Must have experience responding to security questionnaires, RFPs, customer audits, and due diligence requests

  • Must be knowledgeable in common SaaS infrastructure and business systems such as AWS, Okta, MDM, SIEM, and DLP

  • Must have strong written and verbal communication skills, with the ability to translate complex compliance concepts for both technical and non-technical stakeholders

  • Must be able to work independently and as part of a team, with a strong sense of ownership and accountability

  • Must have experience building metrics and reporting that communicate compliance risk and program health to leadership

Minimum Education and Experience
  • Bachelor’s degree in Cybersecurity, Information Systems, Business, Risk Management, or a related field, or equivalent practical experience

  • 6+ years of experience in security compliance, privacy, risk, or GRC

  • 3+ years of experience operating in a B2B SaaS or cybersecurity company

  • Prior experience leading audits, privacy programs, or third-party risk programs in a hands-on capacity

  • Prior experience leading compliance analysts or serving as a technical/program lead in a compliance function

Required Tech Stack Experience

  • AWS

  • Okta

  • MDM platforms

  • SIEM tools

  • DLP tools

  • GRC and audit evidence management processes/tools

What Sets You Apart?

  • You’ve led multiple SOC 2 Type II audits from start to finish and understand both auditor requirements and operational realities

  • You have deep working knowledge of global and U.S. privacy laws and stay ahead of the evolving regulatory landscape

  • You’re a trusted partner across Sales, Legal, Security, Product, and Engineering, balancing rigor with practical business execution

  • You’ve built or managed a vendor risk management program and can evaluate technical controls, assess privacy risk, and communicate findings clearly

  • You know how to navigate large, complex security questionnaires and RFPs, coordinating with SMEs to deliver high-quality responses quickly

  • Certifications such as CIPP/US, CIPT, CISA, CRISC, or ISO 27001 Lead Implementer

  • Experience in high-growth SaaS or cybersecurity companies

Compensation and Values

At Horizon3, we believe that our people are our greatest asset, and our compensation philosophy reflects this core value. We are committed to fostering an environment where all employees feel valued, respected, and rewarded for their contributions. Our compensation structure is designed to be fair, competitive, and transparent, ensuring that every team member is recognized and compensated equitably across roles, levels, and locations.

In accordance with various states' pay transparency regulations, we provide the following salary range information for this position:

  • Base salary range: $149,850 - $185,000 annually. The exact salary will be determined based on the selected candidate’s location, qualifications, experience, and relevant skills.

  • Additional compensation: All full-time roles are eligible for an equity package in the form of stock options.

Perks of Horizon3.ai

  • Inclusive Team: We value diversity and promote an inclusive culture where everyone can thrive.

  • Growth Opportunities: Be part of a dynamic and growing team with numerous career development opportunities.

  • Innovative Culture: Work in a collaborative environment that encourages creativity and out-of-the-box thinking.

  • Hybrid & Remote Work: We embrace a mix of remote and hybrid work models depending on role and location, including our Chicago office, where some roles require regular in-office presence.

  • Competitive Compensation: We offer competitive salary, equity and benefits. Our benefits include health, vision & dental insurance for you and your family, a flexible vacation policy, and generous parental leave.

You Belong Here

Horizon3 is not just an equal opportunity employer - we are a community that values diversity, equity, and inclusion as fundamental principles of our culture and success. We are dedicated to fostering a workplace where everyone feels welcome and respected, regardless of race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, hair length or any other legally protected status by law.

Our commitment to diversity and inclusion means we strive to attract, develop, and retain a workforce that reflects the varied communities we serve. We believe that diverse perspectives drive innovation and strengthen our ability to create cutting-edge cybersecurity solutions. At Horizon3, every team member is valued and supported in an environment that encourages personal and professional growth.

We welcome candidates from all backgrounds and experiences, and we encourage all qualified individuals to apply. Come be a part of Horizon3, where your unique contributions are recognized, and your potential is limitless.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities, and activities may change at any time with or without notice.

Application Note

In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.

Skills Required

  • Deep experience in Governance, Risk, and Compliance (GRC)
  • Understanding of compliance frameworks such as SOC 2, ISO 27001, NIST AI RMF, DORA, and NIST 800-53
  • Expertise in GDPR, CCPA/CPRA, EU AI Act, and emerging U.S. state data privacy laws
  • Strong working knowledge of third-party risk management
  • Experience responding to security questionnaires and audits
  • Knowledge in common SaaS infrastructure and business systems
  • Strong communication skills
  • Experience building metrics and reporting
  • Bachelor's degree in Cybersecurity, Information Systems, Business, Risk Management or related field
  • 6+ years of experience in security compliance, privacy, risk, or GRC
  • 3+ years in a B2B SaaS or cybersecurity company
  • Prior experience leading audits, privacy programs, or third-party risk programs
  • Prior experience leading compliance analysts or serving as a technical/program lead in compliance

The Company
HQ: San Francisco, CA
107 Employees
Year Founded: 2019

What We Do

Horizon3.ai's mission is to help you find and fix attack vectors before attackers can exploit them. NodeZero, our autonomous penetration testing solution, enables organizations to continuously assess the security posture of their enterprise, including external, identity, on-prem, IoT, and cloud attack surfaces. Like APTs, ransomware, and other threat actors, our algorithms discover and fingerprint your attack surface, identifying the ways exploitable vulnerabilities, misconfigurations, harvested credentials, and dangerous product defaults can be chained together to facilitate a compromise. NodeZero is a true self-service SaaS offering that is safe to run in production and requires no persistent or credentialed agents. You will see your enterprise through the eyes of the attacker, identify your ineffective security controls, and ensure your limited resources are spent fixing problems that can actually be exploited. Founded in 2019 by industry, US Special Operations, and US National Security veterans, Horizon3.ai is headquartered in San Francisco, CA, and made in the USA.
