Senior Security Assurance Manager

About Us

Co-founded in 2023 by Joe Laws and Grant Verstandig Trase Systems is AI Uncomplicated. Trase empowers enterprise leaders to harness the full potential of AI without the associated complexity and risks. We are an end-to-end solution for deploying managing and optimizing AI in the enterprise. Our platform specializes in bridging the last mile of AI adoption unlocking AIs full potential while driving efficiency and significant cost savings. Trase is at the forefront of AI Agent innovation topping the Hugging Face GAIA Leaderboard for Generalized AI Assistants ahead of industry giants such as Google Meta Microsoft and OpenAI. We are leveraging our cutting-edge technologies to develop mission-critical agentic applications in complex industries such as Healthcare Oil & Gas and National Security.

About the Role

As the Senior Security Assurance Manager you will own the strategic governance backbone of Trases Security and Compliance program implementing and overseeing the processes policies and controls that allow us to operate safely and credibly in highly-regulated markets.

You will define and steward Trases security policies and procedures lead internal and external audits and conduct comprehensive risk assessments across the organization. You will be the primary owner of our SOC 2 and HIPAA programs and champion of our broader GRC functions (e.g. risk management policy documentation control design continuous monitoring etc.).

This is a player-coach role. You will operate hands-on across contexts and stakeholder groups while building the team processes and tooling that allow Trases governance capabilities to scale alongside the business.

Why This Role Exists

Trase is rapidly solving mission-critical challenges in some of the most highly regulated markets in the world where customer trust and assurance are non-negotiable. As we grow our global footprint and our compliance landscape evolves we need a senior leader who can scale our security and compliance posture so that it is always a core tenet of who we are and what we deliver.

This role is an investment in the next chapter of Trase security assurance. It is aimed at maturing our continuous monitoring and control frameworks sharpening how we manage enterprise risk and ensuring that our combined security capabilities continue to build trust and unlock net-new opportunities.

Responsibilities

Compliance Program Ownership

• Own and operate Trases SOC 2 and HIPAA programs end-to-end including scoping control design evidence collection and remediation tracking.
• Lead readiness and execution for additional frameworks as Trase enters new markets including ISO 27001 FedRAMP NIST 800-53 CMMC and ISO 42001.
• Manage the full lifecycle of internal and external audits serving as the primary point of contact for auditors assessors and regulators.

Governance Risk & Control Design

• Maintain Trases enterprise risk register conducting recurring risk assessments across people process and technology.
• Design document and operationalize security policies standards and procedures aligned to industry frameworks and Trases risk appetite.
• Own our common control framework in Drata monitoring and refining controls across overlapping regimes to minimize duplication and audit burden.

Continuous Monitoring & Control Assurance

• Shift Trases compliance posture from reactive to proactive by implementing continuous control monitoring automated evidence collection and recurring control testing.
• Define KRIs KPIs and reporting cadences that give leadership real-time visibility into the health of the security program.
• Identify control gaps perform root cause analysis and drive remediation in partnership with control owners across the enterprise.

Vendor & Third-Party Risk

• Enhance and operate Trases third-party risk management program including vendor security reviews ongoing monitoring and contractual security requirements.
• Partner with Legal to ensure DPAs BAAs and security addenda meet regulatory and customer requirements.

Customer Trust & Sales Enablement

• Serve alongside other subject matter experts or leaders as a senior representative in customer security reviews RFPs and prospect-facing trust conversations.
• Maintain trust collateral (SOC 2 reports security questionnaires trust portal content) and reduce friction in customer due diligence.
• Translate customer and regulator expectations into actionable program requirements.

Cross-Functional Partnership

• Partner closely with peers within Trase Security and Compliance Engineering and across the enterprise to ensure controls are operating effectively as designed.
• Collaborate with Legal HR IT and Finance on shared control ownership and program execution.

Requirements

• 10 years of progressive experience in security assurance GRC controls engineering or information security audit roles including several years in a senior or program-owning capacity.
• Deep hands-on experience owning or supporting SOC 2 and HIPAA programs end-to-end including managing external auditors or internal assessors.
• Strong working knowledge of additional frameworks including ISO 27001 FedRAMP (Moderate/High) NIST 800-53 NIST CSF and CMMC preferably with experience mapping or consolidating their underlying requirements within common control frameworks (CCF).
• Demonstrated experience designing and operating continuous control monitoring programs to achieve situational awareness before issues materialize as findings in external contexts (e.g. audits).
• Proven ability to author clear defensible security policies standards procedures and memoranda.
• Strong risk management foundation including hands-on experience conducting risk assessments and maintaining a risk register.
• Experience leading customer-facing security reviews RFP responses and trust conversations with sophisticated enterprise buyers or partners.
• Track record of partnering effectively with engineering and product teams to design controls into systems rather than around them.
• Excellent written and verbal communication skills with the ability to translate between auditors executives customers and engineers.
• Strong affinity and practical skill for working with LLMs and AI agents as part of your own workflowclear judgment on when and how to deploy them to move quickly orchestrate work and operate with confidence.

Nice to Have

• Experience scaling a compliance program inside a high-growth startup or scale-up.
• Experience with FedRAMP authorization (3PAO assessment ATO process) DoD RMF HITRUST or StateRAMP.
• Familiarity with ISO 42001 or other emerging AI governance frameworks.
• Industry-recognized certifications such as CISSP CISA CISM CRISC or HCISPP.
• Experience supporting customers in healthcare defense energy or other regulated verticals.
• Familiarity with modern GRC platforms (e.g. ServiceNow IRM Vanta Drata Hyperproof OneTrust) and a clear point of view on the tradeoffs between them.

Salary Range:$170000-$230000. This represents the typical salary range for this position based on experience skills and other factors.

Our Trase Benefits:

For full-time roles only

• Career track opportunity with potential for rapid advancement withstrong performanceas the firm grows
• 100% employer paid comprehensive health care including medical dental and vision for you and your family.
• Paid maternity and paternity for 14 weeks at employees normal pay.
• Unlimited PTO with management approval.
• Opportunities for professional development and continued learning.
• Optional 401K FSA and equity incentives available.
• Mental health benefits are available through Tara Mind.

Were an Equal Opportunity Employer: Youll receive consideration for employment without regard to race sex color religion sexual orientation gender identity national origin protected veteran status or on the basis of disability.

Applicant Data Disclosure

Bysubmittingan application you acknowledge that Red Cell Partners LLC (Red Cell) uses third-party service providers tofacilitateits recruitment and hiring processes. These providers include applicant tracking systems candidate verification platforms and fraud detection tools (collectively Hiring Platforms). Your application materials including your résumé cover letter work samples responses to application questions and any other information yousubmit may be transmitted to and processed by these Hiring Platforms for the following purposes:

• Managing and administering your application throughout the hiring process;

• Verifying the accuracy and authenticity of application materials including by cross-referencing information you provide against publicly available sources and proprietary databases;
• Identifyingindicators of potentially fraudulent fabricated or materially misleading application content including but not limited to discrepancies betweensubmittedmaterials and publicly available professional profiles geographic anomalies and fabricated work histories.

Applications that are flagged through this process ascontainingindicators of fraud or material misrepresentation may be declined from further consideration. If you have questions about the status of your application or the evaluation process please contacttalent@.

Red Cell requires its Hiring Platform providers to process your information solely for the purposes described above andin accordance withapplicable law. Your information will beretainedonly for as long as necessary to fulfill these purposes and any applicable legal obligations after which it will bedeletedin accordance withRed Cells data retention policies.

For more information about how your data is used please refer to our Privacy Policy and Applicant Privacy Notice.