Compliance Program Manager

Kong

Job Location:

Bengaluru - India

Monthly Salary: Not Disclosed
Posted on: 7 hours ago
Vacancies: 1 Vacancy

Job Summary

Are you ready to power the World's connections?

If you don't think you meet all of the criteria below but are still interested in the job, please apply. Nobody checks every box - we're looking for candidates that are particularly strong in a few areas and have some interest and capabilities in others.

Role Summary

This senior individual contributor with program ownership responsibility is a high-impact role supporting customer trust, audits, and revenue enablement. The Compliance Program Manager is responsible for customer-facing security and compliance assurance for a designated Kong product while also owning the PCI-DSS compliance program and certification lifecycle for that product.

This role acts as the primary Subject Matter Expert (SME) for customer assurance, audit readiness, and PCI-DSS controls, partnering closely with Engineering, SRE, Product, Legal, and Compliance teams. The role is critical to maintaining customer trust, supporting sales motions, and ensuring ongoing regulatory and industry compliance.

Key Responsibilities

  • Manage the end-to-end PCI DSS compliance program, ensuring adherence to the latest v4.0 standards.

  • Conduct regular internal assessments and readiness reviews for Reports on Compliance (ROC).

  • Serve as the Customer Assurance SME for one assigned Kong product (Dedicated Cloud Gateways).

  • Support all customer assurance requests for the assigned product, including security questionnaires, due diligence reviews, and compliance inquiries.

  • Attend customer calls as required to explain the product's security posture, compliance controls, and audit status.

  • Ensure responses are accurate, consistent, and aligned with approved Kong messaging.

  • For customer assurance requests involving multiple Kong products, collaborate with other product SMEs to deliver coordinated, consistent, and high-quality responses.

  • Ensure alignment between product-specific responses and Kong's broader security and compliance posture.

  • Cater to audit evidence requirements for the assigned product.

  • Partner with the Compliance Program Manager and internal stakeholders to ensure ongoing audit readiness for frameworks such as ISO 27001, SOC 2 Type II.

  • Validate that security and compliance controls are documented, implemented, and supported by appropriate evidence.

  • Drive the implementation of security and compliance best practices across the assigned product.

  • Foster strong cross-functional collaboration across Security, Engineering, SRE, Product, Legal, and Sales teams.

  • Promote secure-by-design and compliance-by-design principles in product development and operations.

  • Identify control gaps and drive remediation efforts with Engineering and Product teams.

  • Participate in cross-training initiatives with other Customer Assurance and Compliance SMEs.

PCI-DSS Program Ownership (Product-Specific)

  • Own end-to-end PCI-DSS compliance for the assigned Kong product, including:

    • Scope definition and validation

    • Control implementation and documentation

    • Evidence collection and maintenance

    • Annual PCI-DSS assessments and certification

  • Act as the primary point of contact for PCI-related matters, including:

    • Internal stakeholders

    • Qualified Security Assessors (QSAs)

    • Customer PCI inquiries

  • Ensure PCI controls are embedded into product architecture and operational processes.

  • Track PCI requirements changes and remediation activities to maintain continuous compliance.

Required Qualifications

  • 8 years of experience in Customer Assurance, Security, Compliance, GRC, or Trust roles

  • Demonstrated experience owning end-to-end PCI-DSS compliance programs

  • Experience supporting customer-facing security and compliance engagements

  • Prior experience working in SaaS, cloud, or infrastructure platforms

  • Strong hands-on knowledge of PCI-DSS

  • Experience managing audits, assessments, and evidence collection

  • Understanding of shared responsibility models and cloud security controls

  • Understanding of APIs, cloud-native architectures, or platform security is a strong plus

  • Excellent written and verbal communication skills

  • Ability to translate complex compliance requirements into customer- and engineer-friendly language

  • Comfortable engaging with enterprise customers, auditors and QSAs, and internal leadership and cross-functional teams

  • Bachelor's degree in Information Security, Computer Science, or a related field, or equivalent practical experience

  • PCI Professional (PCIP), PCI Internal Security Assessor (ISA), CISSP, CISA, CRISC, or ISO 27001 certifications preferred but not mandatory

About Kong:

Kong Inc., a leading developer of API and AI connectivity technologies, is building the infrastructure that powers the agentic era. Trusted by the Fortune 500 and startups alike, Kong's unified API and AI platform, Kong Konnect, enables organizations to secure, manage, accelerate, govern, and monetize the flow of intelligence across APIs and AI models. For more information visit .


Required Experience:

Manager

Key Skills

  • Project Management Methodology
  • Project / Program Management
  • Program Management
  • Management Experience
  • Microsoft Powerpoint
  • Project Management
  • Microsoft Project
  • Budgeting
  • DoD Experience
  • Leadership Experience
  • Supervising Experience
  • Contracts

About Company

Kong is the most widely adopted API gateway and service mesh, powering the world’s APIs for modern architectures. Accelerate development and productivity today!
