Security Compliance Manager

Job in Austin, Travis County, Texas, 78716, USA
Listing for: Hippo Insurance
Full Time position
Listed on 2026-02-16
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security, Information Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 100,000 - 125,000 USD yearly
Job Description & How to Apply Below

Overview

Title: Security Compliance Manager

Location: Austin, TX / Dallas, TX / Bedminster, NJ / San Jose, CA (hybrid)

Reports To: Sr. Manager, Cybersecurity

About Hippo

Hippo exists to protect the joy of home ownership. We believe that insurance should protect the things you treasure through an intuitive, modern experience. We provide tailored insurance coverage and preventative maintenance plans that keep you protected throughout your homeowner journey. We’ll also help you find coverage for everything life brings—from auto to flood—reimagining how you care for your home.

About the Role

The Security Compliance Manager owns and evolves Hippo’s governance, risk, and compliance (GRC) program, ensuring the company maintains strong, defensible security controls and meets regulatory and audit requirements. This role leads the design, execution, and maturity of IT general controls (ITGC), SOX compliance, SOC 2 readiness and audits, and alignment with industry frameworks such as ISO 27001 and NIST.

Partnering closely with Security Engineering, IT, Finance, Legal, and Internal and External Audit, the Security Compliance Manager delivers rigorous risk assessments, effective control testing, and clear assurance reporting. The role plays a critical part in ensuring regulatory compliance, including NYCRR 500, while continuously improving compliance efficiency through standardization and automation.

About You

You are a seasoned security compliance and risk professional with a strong command of audit, controls, and regulatory frameworks. You are comfortable owning complex compliance programs end-to-end and translating regulatory requirements into practical, scalable controls.

You thrive in cross-functional environments, communicate clearly with both technical and non-technical stakeholders, and bring a structured, detail-oriented approach to risk management. You balance rigor with pragmatism, helping the organization meet compliance obligations while enabling the business to move efficiently and confidently.

What You'll Do
  • Own and mature the end-to-end GRC program, including ITGC, SOX, SOC 2, ISO 27001 alignment, and NYCRR 500 compliance.
  • Design, execute, and test IT general controls across access management, change management, operations, backup and disaster recovery, and vendor/SaaS environments.
  • Lead SOX activities including scoping, walkthroughs, design and operating effectiveness testing, deficiency evaluation, and remediation tracking.
  • Manage SOC 2 readiness and annual Type 1 and Type 2 audits, including control mapping, evidence collection, and exception management.
  • Align security policies, standards, and procedures with ISO 27001 Annex A, NIST CSF, COBIT, and CIS Controls, ensuring regulatory applicability.
  • Conduct enterprise and IT risk assessments, document risk treatment plans, and track remediation through closure.
  • Establish continuous control testing and assurance practices, including testing scripts, sampling methodologies, and evidence standards.
  • Develop and report on key risk and performance indicators (KRIs/KPIs) such as control pass rates, audit findings, evidence SLAs, and vendor risk trends.
  • Serve as the primary point of contact for Internal Audit and external auditors, producing executive- and board-ready compliance reporting.
  • Lead third-party and vendor risk assessments, including SIG/CAIQ reviews, contract control requirements, and ongoing monitoring.
  • Map and validate cloud controls (AWS, Azure, GCP) against SOX, SOC 2, ISO 27001, and NYCRR 500 expectations.
  • Maintain security policies, control catalogs, control narratives, and RACI documentation.
  • Drive security awareness, control owner training, and process maturity, including identifying opportunities for automation and continuous monitoring.
Must Haves
  • 6+ years of experience in security compliance, IT audit, or IT risk management.
  • Hands-on ownership of ITGC, SOX, SOC 2, and policy frameworks such as ISO 27001.
  • Strong expertise in risk assessments, control testing, assurance practices, and audit methodologies.
  • Practical knowledge of enterprise and cloud control domains, including IAM, SDLC/change management, vulnerability management, logging and monitoring,…