What are the responsibilities and job description for the Security Compliance & Assurance Manager position at Port.io?
At Port, we are pioneering a new dimension of the Developer Experience. Our innovative platform for Internal Developer Portals has been designed with the ultimate aim of enhancing developer satisfaction, increasing productivity, and ensuring the highest standards of engineering output.
Port brings everything a developer needs together, encapsulated within a single user-friendly interface. From comprehending the software development lifecycle, executing tasks, to adhering to the organization's development standards, Port ensures that every aspect of software development is within easy reach for every developer.
As a team, we personify the values that underpin our product: openness, transparency, resourcefulness, community orientation, and kindness. We are on the lookout for like-minded individuals who share our ethos to join us on our exciting journey of revolutionizing the platform engineering sector. By joining Port, you'll be a part of a team that's changing how developers collaborate, enabling them to work faster, smarter, and more efficiently. Join us, and be a part of this transformation.
Why we're looking for you π
We're seeking a Security Compliance & Assurance Manager to own the hands-on documentation, policy writing, and evidence management across Port's security and compliance programs. This is a technical writing and audit readiness role supporting our FedRAMP authorization and broader GRC initiatives.
As Port grows and pursues FedRAMP authorization, we need someone who can translate complex technical controls into clear, comprehensive documentation. You'll be the expert who writes the SSP, maintains policies, collects evidence, and ensures our compliance programs are audit-ready - working closely with our GRC team and supporting both FedRAMP and ongoing compliance frameworks (SOC 2, ISO 27001, GDPR).
Who You'll Work With π―ββοΈ
You'll report to the CIO and work closely with the GRC Manager and FedRAMP Program Manager as part of the Security & Risk team. You'll collaborate cross-functionally with Engineering, DevOps, IT, and Product teams to document technical controls and collect evidence.
You'll also partner with Legal, HR, and external auditors (3PAOs, SOC 2 auditors) to ensure Port maintains and demonstrates the highest levels of security and compliance.
What You'll Do πΌ
What We're Looking For π
Port brings everything a developer needs together, encapsulated within a single user-friendly interface. From comprehending the software development lifecycle, executing tasks, to adhering to the organization's development standards, Port ensures that every aspect of software development is within easy reach for every developer.
As a team, we personify the values that underpin our product: openness, transparency, resourcefulness, community orientation, and kindness. We are on the lookout for like-minded individuals who share our ethos to join us on our exciting journey of revolutionizing the platform engineering sector. By joining Port, you'll be a part of a team that's changing how developers collaborate, enabling them to work faster, smarter, and more efficiently. Join us, and be a part of this transformation.
Why we're looking for you π
We're seeking a Security Compliance & Assurance Manager to own the hands-on documentation, policy writing, and evidence management across Port's security and compliance programs. This is a technical writing and audit readiness role supporting our FedRAMP authorization and broader GRC initiatives.
As Port grows and pursues FedRAMP authorization, we need someone who can translate complex technical controls into clear, comprehensive documentation. You'll be the expert who writes the SSP, maintains policies, collects evidence, and ensures our compliance programs are audit-ready - working closely with our GRC team and supporting both FedRAMP and ongoing compliance frameworks (SOC 2, ISO 27001, GDPR).
Who You'll Work With π―ββοΈ
You'll report to the CIO and work closely with the GRC Manager and FedRAMP Program Manager as part of the Security & Risk team. You'll collaborate cross-functionally with Engineering, DevOps, IT, and Product teams to document technical controls and collect evidence.
You'll also partner with Legal, HR, and external auditors (3PAOs, SOC 2 auditors) to ensure Port maintains and demonstrates the highest levels of security and compliance.
What You'll Do πΌ
- Write, maintain, and update the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and all compliance documentation for FedRAMP authorization.
- Develop and maintain security policies and procedures including access control, incident response, data classification, encryption, and acceptable use policies.
- Lead evidence collection and audit readiness activities across multiple frameworks (FedRAMP, SOC 2, ISO 27001, GDPR).
- Partner with Engineering, IT, and the GRC Manager to document technical control implementations and translate controls into clear policy language.
- Support continuous monitoring activities, control testing, and remediation tracking.
- Manage customer security questionnaires, RFPs, and Trust Center content to support sales and customer assurance efforts.
- Maintain compliance tooling and dashboards (e.g., Drata, Tugboat Logic) for continuous visibility into control status.
- Support internal and external audits with timely, complete evidence packages and coordinate with 3PAOs and auditors.
- Build and maintain the compliance evidence repository and artifact management system.
- Over time, evolve into a core GRC & Assurance leader supporting enterprise certifications and customer trust programs.
What We're Looking For π
- 5 years in security compliance, audit, or assurance roles in SaaS or cloud environments.
- Deep expertise in compliance frameworks (FedRAMP, SOC 2, ISO 27001) and control requirements.
- Excellent technical writing and documentation skills - ability to translate complex technical controls into clear, comprehensive policies and procedures.
- Hands-on experience building and maintaining compliance evidence repositories and control testing programs.
- Strong understanding of technical security controls (encryption, access management, logging, monitoring, network security).
- Experience supporting audits and working with external assessors (3PAOs, SOC 2 auditors, ISO auditors).
- Strong organizational skills and attention to detail with ability to manage multiple compliance workstreams simultaneously.
- Collaborative communication style - able to work effectively with technical and non-technical stakeholders.
- Direct FedRAMP authorization experience (SSP development, POA&M management, continuous monitoring).
- Experience with customer-facing security programs (Trust Center management, security questionnaires, vendor security assessments).
- Hands-on experience with GRC automation platforms (Drata, Tugboat Logic, Vanta, OneTrust, Secureframe).
- Background in technical security controls, risk management, or security engineering.
- CISSP, CISA, CISM, or other security/compliance certifications.
- Familiarity with GDPR, CCPA, or other privacy frameworks and regulations.
- Experience in high-growth SaaS or cloud infrastructure companies.
- Technical background or ability to read/understand code and infrastructure configurations.