Senior Compliance Manager, Trust & Assurance

Job Description:

• Build ServiceTitan's Customer Trust Program to differentiate us in the market and accelerate enterprise deals.
• Own trust infrastructure including security documentation, trust center, and customer-facing compliance portal.
• Partner with Sales and Customer Success to translate security controls into customer value.
• Create tiered security review processes and standard responses for questionnaires and RFPs.
• Establish trust metrics that demonstrate impact on sales velocity and customer confidence.
• Own end-to-end management of ISO 27001, SOC 1/2, and PCI-DSS across multiple entities.
• Lead expansion into ISO 42001 for AI and emerging frameworks.
• Implement a 'Test Once, Comply Many' strategy to streamline operations.
• Drive continuous audit-readiness by ensuring controls are operationally effective, focusing on measurable security improvements and proactive risk mitigation.
• Architect AI-driven workflows using next-gen GRC platforms (i.e. Anecdotes, Drata, Vanta) and AI tooling to automate evidence collection, control testing, and risk assessment.
• Drive reduction in manual work through intelligent automation.
• Build horizontal AI capabilities for cross-functional collaboration and vertical capabilities for deeper compliance insights and predictive analytics.
• Transform compliance from manual documentation to data-driven risk management.
• Own strategic relationships with external auditors, serving as primary technical contact.
• Advocate for risk-based audit approaches that focus resources on highest-impact areas.
• Hold GRC vendors accountable for ROI and influence their product roadmaps to meet ServiceTitan's needs.
• Design and maintain unified control framework across all certifications.
• Map controls to create a single source of truth in our GRC system of record.
• Establish clear ownership across Engineering, IT, Security, and business teams.
• Implement continuous monitoring to detect gaps and failures in real-time.
• Collaborate deeply with Product and Engineering to map and maintain an accurate understanding of product architecture, data flows, and collection points.
• Lead the technical definition of certification boundaries (e.g., PCI-DSS scoping) by analyzing how data moves through ServiceTitan’s ecosystem.
• Ensure certifications reflect current infrastructure rather than legacy snapshots.
• Partner with Product Managers to translate customer security requirements and emerging regulations (like ISO 42001 for AI) into actionable roadmap priorities.
• Work with Sales to identify certifications that unlock new markets or accelerate deal cycles.
• Provide high-fidelity sales enablement materials and expert support for complex security RFPs.
• Act as a bridge between compliance mandates and technical execution, ensuring Engineering understands the why behind control requirements to prevent 'compliance debt' in the product lifecycle.
• Bridge Security, Engineering, IT, Finance, Legal, Product, and Sales to embed compliance into operations.
• Communicate certification status and risks to leadership through clear dashboards.
• Drive stakeholder engagement by connecting compliance to business outcomes.
• Build culture where compliance is competitive advantage, not burden.
• Transform compliance from manual gathering to automated, continuous assurance.
• Build integrations between GRC platforms and source systems (Okta, Azure, AWS, GitHub, Jira).
• Implement controls through infrastructure-as-code, policy-as-code, and automated testing.
• Make audit-readiness continuous, not annual.
• Apply risk-based thinking to focus resources on highest-impact areas.
• Scope audits based on risk, avoiding over-testing of low-risk controls.
• Assess and communicate residual risk when balancing compliance with business velocity.

Requirements:

• 7+ years in IT compliance, GRC, or information security with 2+ years in leadership role.
• Deep hands-on experience managing ISO 27001, SOC 1/2, PCI-DSS, or equivalent frameworks simultaneously.
• Experience with modern GRC platforms (e.g. Anecdotes, Drata, Vanta, OneTrust, ServiceNow GRC).
• Understand infrastructure, application architecture, and security controls deeply.
• Ability to architect integrations and leverage automation/APIs for compliance workflows.
• Experience partnering with Sales, Product, and Customer Success on compliance enablement.
• Ability to communicate business value of compliance to executives and customers.
• Exceptional stakeholder management across technical and non-technical audiences.
• Preferred Certifications: CISSP, CISA, CISM, CRISC.
• Experience with ISO 42001, NIST AI RMF, or emerging AI regulations.
• Infrastructure-as-code knowledge (Terraform, CloudFormation).
• Cloud security expertise (AWS, Azure, GCP).
• DevSecOps or CI/CD compliance integration experience.
• Track record implementing AI/automation in compliance (not just using tools, but architecting solutions).

Benefits:

• Flexible time off with ample learning and development opportunities to continue growing your career.
• Comprehensive onboarding program, leadership training for Titans at all levels, and other programs and events.
• Great work is rewarded through Bonusly, peer-nominated awards, and more.
• Company-paid medical, dental, and vision (with 100% employer paid options and 90% coverage for dependents), FSA and HSA, 401k match, and telehealth options including memberships to One Medical.
• Parental leave and support, up to $20k in fertility services (i.e. IUI and IVF), surrogacy, and adoption reimbursement, on demand maternity support through Maven Maternity, free breast milk shipping through Maven Milk, pet insurance, legal advisory services, financial planning tools, and more.

Apply tot his job Apply To this Job