IT & Information Security Compliance Manager; Automation & Certifications
Listed on 2025-12-31
IT/Tech
Cybersecurity, Information Security
Are you ready to shape the future of authentication? Join 1Kosmos and help lead the next wave in identity assurance and passwordless innovation.
1Kosmos is driving the future of identity security, empowering organizations to eliminate passwords and establish trust at every step of the identity lifecycle. As a vibrant team of innovators, we develop advanced authentication solutions trusted by some of the world’s leading brands. Join us as we create a passwordless world and set new standards for digital identity assurance.
We are seeking an IT & Information Security Compliance Manager to own and strengthen our company’s security and compliance posture across frameworks such as SOC 2, ISO 27001, FedRAMP High, and NIST.
This is a hands‑on operational leadership role (not a CISO), focused on ensuring audit readiness, control implementation, IT governance, and continuous improvement of our security programs. The ideal candidate will combine a strong understanding of infrastructure and security controls with experience automating compliance workflows using tools like Drata or Vanta.
Key Responsibilities
- Lead and maintain enterprise security and compliance programs aligned with SOC 2, ISO 27001/27002, FedRAMP High, and NIST 800‑53/171 frameworks.
- Build and manage automated compliance monitoring and evidence collection through Drata, Vanta, or equivalent platforms; integrate these with internal systems (ticketing, HRIS, cloud providers, etc.).
- Prepare for and manage SOC 2 Type I/II, ISO audits, and FedRAMP readiness assessments: gap analysis, documentation, remediation, and control testing.
- Partner with IT Operations and Engineering to ensure security controls are embedded in infrastructure, cloud, network, and identity systems.
- Maintain and update security policies, System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and other audit documentation.
- Oversee incident response, change management, and vendor risk programs to ensure consistent compliance coverage.
- Manage relationships with external auditors and compliance assessors.
- Define and track metrics for audit readiness, risk posture, and compliance automation efficiency.
- Stay current with evolving compliance frameworks and technologies that can improve assurance automation.
- Champion security awareness, training, and continuous improvement across the organization.
Must‑Have
- 6+ years of experience in IT security, compliance, or risk management within a SaaS or regulated technology environment.
- Proven experience managing SOC 2 and ISO 27001 programs end‑to‑end; exposure to FedRAMP High or NIST 800‑53 is a plus.
- Hands‑on use and administration of Drata, Vanta, Tugboat Logic, or equivalent compliance automation platforms.
- Familiarity with AWS/Azure/GCP cloud environments, identity & access management, and IT operations.
- Strong technical understanding of security controls: network, endpoint, access, configuration management, logging/monitoring, vulnerability management.
- Excellent documentation and communication skills — able to translate control requirements into clear operational actions.
- Experience leading internal or external audits and managing evidence collection efficiently.
- Based in (or willing to relocate to) Edison, NJ and work on‑site with our leadership and operations teams.
Preferred
- Certifications such as CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor, or FedRAMP Practitioner.
- Experience managing or improving IT operations processes with a compliance lens.
- Familiarity with compliance automation APIs or integration scripting is a bonus.
Benefits
- Comprehensive health, dental, and vision coverage
- 401(k)
- Paid time off
- Professional development budget
- Certification reimbursement