Security and Compliance Manager

About Semaphore

Semaphore is a remote-first software company helping engineering teams ship with confidence, across both Semaphore Cloud and on-prem enterprise deployments. Our customers rely on us to be reliable, secure, and transparent. We have successfully completed multiple SOC 2 cycles and are looking for someone to continue strengthening the security and compliance program behind that trust.

About the Role

We are hiring a Security and Compliance Manager to own and continue improving Semaphore's security, compliance, and customer assurance program.

This role is for someone who can keep the company audit-ready, support customer trust, and maintain a practical compliance operating rhythm. You will work across Engineering, Infrastructure, Customer Success, Finance, Legal, and leadership to maintain controls, answer customer security requests, manage risk, and keep our policies and evidence in good shape.

The right person is organized, pragmatic, and comfortable working with both technical and non-technical teams. You do not need to be the deepest technical specialist in every system, but you do need to understand cloud and enterprise software environments well enough to ask good questions, validate evidence, and coordinate the right work.

What You Will Own

• Own Semaphore's SOC 2 and ISO 27001 readiness, evidence collection, and audit coordination.
• Keep policies, controls, procedures, and supporting documentation current and practical.
• Track compliance gaps and coordinate follow-through with the right owners.
• Handle customer security questionnaires, compliance requests, and vendor assessments with clear, reusable materials.
• Maintain practical risk, vendor review, privacy, and DPA workflows so customer commitments and internal practices stay aligned.
• Partner with Engineering and Infrastructure on technical control validation, penetration testing, access reviews, and cloud/on-prem governance.
• Keep security and compliance processes lightweight, clear, and owned, including emerging governance needs around internal AI use.
  

What We Are Looking For

• Based in Serbia, with 3+ years of experience in IT compliance, information security, risk management, privacy, audit, operations, or a related role with real ownership and accountability.
• Working knowledge of security, compliance, audit, or risk-management practices, with the ability to learn frameworks such as SOC 2 and ISO 27001 quickly.
• Experience owning or coordinating an important process end-to-end, such as audit evidence, policies, risk tracking, vendor reviews, customer questionnaires, access reviews, internal controls, or cross-functional operations.
• Strong written communication skills and the ability to make compliance topics clear to non-specialists.
• Good judgment: you can distinguish between real risk, audit formality, and unnecessary process.
• Ability to work independently in a remote company and keep many moving pieces organized.

Nice to Have

• Direct experience with SOC 2, ISO 27001, SaaS, cloud infrastructure, developer tools, or enterprise software.
• Familiarity with GDPR, DPAs, privacy operations, or customer assurance workflows.
• Experience working with Engineering or Infrastructure teams on security controls.
• Exposure to AI governance, third-party risk management, or security tooling, especially in companies adopting AI internally.
• Relevant certifications such as Security+, ISO 27001, CISA, CISSP, CIPM, CIPP/E, or similar.

What Success Looks Like

• Semaphore remains audit-ready across SOC 2, ISO 27001, and customer assurance needs.
• Customer security requests and compliance work are handled clearly, accurately, and on time.
• Teams get practical guidance on security, privacy, vendor, and AI-related risks without unnecessary process overhead.

Benefits

• The impact of working on a product that's competing in a global market.
• Join a small team of around 30 full-time people who love what they do.
• A healthy 40-hour work week, a friendly and supportive work environment.
• Competitive salary.
• Company retreats.
• Space to learn continuously and choose the tools and equipment for your job
• Paid trips to conferences and books of your choice.
• Interact with developers who use Semaphore and talk about the latest and greatest ways to develop and ship software.
• Paid membership at a fitness club of your choice