Senior Governance, Risk & Compliance Lead

Department: Product

Employment Type: Permanent - Full Time

Location: United States (Remote)

Reporting To: Matthew Willey

Description

What You’ll Do at OnePlan

• Own and manage OnePlan’s governance, risk, and compliance program across security and privacy frameworks
• Maintain the company’s compliance certifications including SOC 2 Type II, ISO 27001, and ISO 27701, ensuring ongoing audit readiness and successful surveillance audits and recertifications
• Coordinate with external auditors and manage evidence collection, control validation, and supporting documentation
• Maintain and update security policies, procedures, and internal documentation supporting compliance frameworks
• Maintain the company risk register and drive risk identification, assessment, and remediation activities across the organization
• Partner closely with Engineering and IT teams to implement and document security controls across the platform
• Lead OnePlan’s FedRAMP Moderate readiness initiative, including NIST 800-53 gap assessments and remediation planning
• Develop and maintain the System Security Plan (SSP) and associated FedRAMP documentation
• Prepare the organization for 3PAO assessment and establish processes for ongoing continuous monitoring
• Manage vendor risk assessments and third party security reviews
• Support enterprise and public sector security questionnaires, compliance reviews, and due diligence requests
• Ensure privacy and data protection practices align with GDPR and global privacy frameworks
• Support the ongoing operation of OnePlan’s ISO 27701 privacy program

Our Ideal Fit

• 6+ years of experience in governance, risk and compliance, information security, or security compliance roles
• Direct experience managing SOC 2 Type II and ISO 27001 audits and maintaining ongoing compliance programs
• Strong understanding of NIST 800-53 and FedRAMP security requirements
• Experience using compliance automation platforms such as Vanta or similar tools
• Experience working in a cloud native SaaS environment, ideally within Azure
• Strong documentation, audit management, and cross functional coordination skills
• Ability to translate security and compliance requirements into practical operational processes
• Experience leading or supporting FedRAMP readiness or authorization programs

• Professional certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or CIPP
• Experience supporting enterprise security reviews and government compliance requirements
• Experience working in high growth SaaS or enterprise software companies

More Reasons Why You Should Apply!

• We’re a remote-first company with team members across the USA, Canada, UK, and India!
• OnePlan has been recognized as the Global Microsoft Partner of the Year in Project Portfolio Management in 2019, 2020, 2021, 2022 and 2023.
• We’ve been named a "Strong Performer" in the latest Forrester Strategic Portfolio Management WAVE report.
• We offer comprehensive health, dental, and vision benefits, with additional insurance options.
• Employer RRSP and 401K matching programs.
• A fun, collaborative, and diverse environment with regular health and team challenges to keep things light and enjoyable!