Job Details

About the Role

SonderMind is seeking a Security Compliance Manager who will operate as the project manager for our security and compliance program. You will drive policy creation, coordinate cross-functional ownership through RACI alignment, and ensure continuous compliance with ISO 27001 and other frameworks. Success is measured by audit readiness, completion of recurring control activities, and clear visibility of compliance posture to leadership.

What you'll do

Program Governance

• Draft, publish, and maintain information-security and privacy policies, standards, and procedures.
• Establish a living compliance calendar covering control tests, access reviews, vendor assessments, and policy refresh cycles.

Stakeholder Alignment & RACI Management

• Facilitate working sessions so Engineering, IT, PeopleOps, and Legal understand their accountability for controls such as vulnerability management, change management, and incident response.
• Track and report control ownership status; escalate gaps or overdue actions.

Audit & Certification Ownership

• Lead annual ISO 27001 audits end-to-end: scoping, readiness assessments, evidence collection, auditor coordination, and remediation follow-up.
• Maintain audit work-papers and a centralized evidence repository.

Control Operation & Monitoring

• Execute and document periodic controls: quarterly user access reviews, privileged-access attestations, vendor risk assessments, business continuity tests, and vulnerability-remediation SLAs.
• Automate evidence capture wherever feasible through tooling integrations (e.g., Vanta, Jira, Slack).

Risk Management & Continuous Improvement

• Conduct security risk assessments for new products and vendors; track mitigation plans to closure.
• Update policies and training content in response to regulatory and industry changes.
• Generate KPIs and board-level metrics on compliance health, audit findings, and risk trends.
• Develop and deliver role-based security and privacy training; ensure coverage and completion tracking.
• Promote a culture of accountability through regular communications and compliance initiatives.

What does success look like?

You will be the main point of contact for all things compliance at SonderMind, giving you autonomy to shape processes, introduce automation, and drive a measurable security culture. Your work will ensure we scale securely and retain the trust of millions of users.

Who You Are

Minimum Qualifications

• 5+ years in information-security compliance, ideally within a SaaS environment.
• Demonstrated ownership of at least one full SOC 2 Type 2 audit cycle.
• Strong project-management skills: ability to run parallel work-streams, influence without authority, and meet tight deadlines.
• Working knowledge of common control frameworks (SOC 2, ISO 27001, NIST CSF, etc.).
• Familiarity with security tooling for evidence collection (e.g., Vanta) and ticketing systems (Jira).
• Excellent written and verbal communication; adept at translating control requirements for technical and non-technical audiences.

Preferred Qualifications

• CISSP, CISA, CISM, or similar certification.
• Experience building RACI matrices and running cross-functional governance forums.
• Background in vulnerability management processes or secure SDLC.

The anticipated salary range for this role is $130,000 - $145,000 per year. Final compensation will be determined based on a variety of factors, including relevant experience, skills, education, and past performance. In addition to base salary, this position may also be eligible for a variable bonus and equity.

As leaders in redesigning behavioral health, we focus on supporting our employees in all facets of their lives and work by offering flexible hybrid work and comprehensive benefits.

Our Benefits

• A commitment to fostering flexible hybrid work
• A generous PTO policy with a minimum of three weeks off per year
• Free therapy coverage benefits to ensure our employees have access to the care they need (must be enrolled in our medical plans to participate)
• Competitive Medical, Dental, and Vision coverage with plans to meet every need, including HSA (company contributed) and FSA options
• Employer-paid short-term, long-term disability, life & AD&D; up to seven weeks of short-term disability leave as applicable
• Eight weeks of paid parental leave (additional leave may apply when combined with STD)
• 401K with company matching up to 4% of base salary
• Annual travel to Denver for Shift gathering
• Fourteen company holidays
• Company shutdown between Christmas and New Year
• Supplemental life insurance, pet insurance, commuter benefits, and more

Application Deadline

This position will be open until filled.

Equal Employment Opportunity

SonderMind does not discriminate in employment opportunities or practices based on race, color, creed, sex, gender, gender identity or expression, pregnancy, childbirth or related medical conditions, religion, veteran and military status, marital status, national origin or ancestry, physical or mental disability, medical condition, sexual orientation, or any other characteristic protected by applicable laws.