About the role

Technical Program Manager handling compliance automation for Sophos, a cybersecurity solutions leader. Focused on GRC platform integration, AI tooling, and operational compliance tasks.

Responsibilities

Own and operate the GRC platform
Integrate GRC tools with cloud platforms (AWS, Azure, GCP)
Design and implement automated workflows for evidence collection
Build and maintain dashboards to visualize compliance posture
Design, build, and operate AI agents that automate the compliance lifecycle
Apply AI-assisted workflows to evidence validation and control evaluation
Conduct gap analyses and support implementation of new compliance frameworks
Prepare compliance documentation and monitor adherence to internal controls
Partner cross-functionally with engineering, product, security, and legal teams to ensure controls are operationalized
Communicate compliance risk and control status to stakeholders

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience)
4+ years of experience in GRC, engineering, or a technical discipline supporting cybersecurity programs
In-depth knowledge of cybersecurity frameworks including NIST 800-53, ISO 27001, SOC 2, and/or FedRAMP
Technical background in systems administration, software engineering, cloud security, or security engineering
Hands-on experience with cloud infrastructure (AWS, Azure, or GCP)
Hands-on experience with a GRC platforms for control tracking, evidence management, and findings remediation
Proficiency with security monitoring concepts and tooling
Demonstrated professional use of AI tools to support drafting, analysis, evaluation, or workflow automation within compliance or technical programs
Strong project management skills with experience leading security assessment initiatives across multiple stakeholders
Familiarity with Git workflows and repository access management.