The Compliance Manager I, Level 4 plays a critical role in ensuring BEMO and our customers maintain compliance with leading security and privacy frameworks, including SOC 2, ISO 27001, HIPAA, CMMC 2.0, and ISO 42001. This role combines deep compliance knowledge with strong project management and communication skills to drive recertification readiness, support customer projects, and improve internal compliance processes. The Compliance Manager operates with a high degree of autonomy, leading complex cross-departmental efforts and interfacing with auditors, customers, and internal teams to ensure continuous alignment between operational practices and compliance obligations.

Primary Responsibilities & Priorities

Compliance Ownership – 50%

• Lead all BEMO and customer compliance renewals across frameworks (SOC 2, ISO 27001, HIPAA, CMMC 2.0, ISO 42001).
• Own monthly compliance maintenance tasks ensuring readiness for internal and customer audits.
• Develop, maintain, and update all compliance-related documentation, including procedures, playbooks, and training content.
• Manage auditor relationships, prepare evidence, coordinate responses, and lead walkthroughs.
• Plan and lead annual certification projects and tabletop exercises to validate operational and security resilience.
• Automate compliance processes via AI Agents and other means of tracking within BEMO applications and reporting.

Project Leadership & Customer Engagement – 40%

• Lead Managed Services and project compliance efforts, ensuring customer environments align with BEMO’s compliance standards.
• Facilitate tabletop exercises, audits, and assessments for customers to ensure alignment with regulatory requirements.
• Collaborate with internal project managers, engineering, and leadership to ensure compliance deliverables are integrated into project lifecycles.
• Critique and improve compliance processes, identifying opportunities for simplification, automation, and improved documentation.
• Drive organizational change management initiatives to successfully land new compliance processes.

Cross-functional & Sales Support – 10%

• Support and sales and project teams in customer-facing compliance discussions documentation requests.
• Contribute to proposal reviews, questionnaires, and customer assessments involving compliance or security obligations.
• Build trust and act as a subject matter expert for internal and external stakeholders.

Key Competencies & Behavioral Expectations

• Operates independently, managing multiple complex compliance projects with minimal oversight.
• Demonstrates advanced understanding of compliance frameworks and their application in SaaS, cloud, or managed services environments.
• Uses structured problem-solving, data analytics and automation to identify gaps and propose practical, scalable solutions.
• Builds strong peer-to-peer and leadership relationships across departments.
• Communicates clearly and consistently with technical and non-technical audiences.
• Functions effectively in ambiguous or evolving regulatory environments, adapting quickly and guiding others through change.

Proactively documents, trains, and reinforces compliance processes to strengthen organizational maturity.

Requirements

Education & Experience

• Bachelor’s degree in Business, Information Security, IT Management, or related field (or equivalent experience).
• 5+ years of experience in compliance, audit management, or information security programs.
• Proven track record managing SOC 2, ISO 27001, HIPAA, or CMMC certifications or renewals.
• Experience in cloud-based environments (Microsoft 365, Azure) preferred.
• Familiarity with Drata, Vanta, or similar compliance automation tools a plus.
• PMP, CISA is a plus

Skills & Knowledge

• Deep understanding of compliance frameworks and control implementation.
• Strong project management and organizational skills—able to manage multiple concurrent audits or projects.
• Excellent written and verbal communication skills for internal and external audiences.
• Ability to analyze, automate, document, and improve processes across multiple teams.
• Strong technical literacy to communicate with IT, Security, and Engineering stakeholders.

Goals & Success Metrics

• Maintain nearly zero audit findings across BEMO and customer renewals.
• Complete 100% of compliance tasks within defined timelines.
• Deliver updated compliance documentation and training annually.
• Demonstrate measurable improvements in process maturity and audit readiness.
• Achieve strong stakeholder satisfaction scores from both internal teams and customers.