Senior Governance, Risk & Compliance Lead
Permanent - Full TimeJob Overview
At OnePlan, we specialize in creating AI-enabled solutions that make strategic portfolio, financial, resource, and work management seamless. We help businesses bridge the gap between strategy and execution by offering solutions that boost business agility, streamline project management, and optimize resources.
What Makes us Unique?
What truly makes OnePlan stand out is our commitment to delivering powerful solutions and fostering a culture of collaboration. We combine robust analytics with a platform that integrates seamlessly into the tools businesses already know and trust. Our high-trust, team-focused environment allows us to innovate quickly and deliver solutions that drive meaningful results for our clients. We're passionate about exceeding expectations, working together to empower organizations to succeed in a rapidly changing business landscape.
OnePlan is looking for a Senior Governance, Risk & Compliance Lead to own and operate our security, privacy, and compliance programs. This role is responsible for maintaining OnePlan’s existing certifications including SOC 2 Type II, ISO 27001, and ISO 27701, while leading our FedRAMP Moderate readiness initiative as we expand into public sector markets.
OnePlan is looking for a Senior Governance, Risk & Compliance Lead to own and operate our security, privacy, and compliance programs. This role is responsible for maintaining OnePlan’s existing certifications including SOC 2 Type II, ISO 27001, and ISO 27701, while leading our FedRAMP Moderate readiness initiative as we expand into public sector markets.
This is a senior individual contributor role focused on building and operationalizing a scalable governance, risk, and compliance program within a Microsoft based SaaS ecosystem. You’ll work closely with Product, Engineering, and Security leadership to ensure our platform, processes, and documentation meet the requirements of enterprise and government customers.
What You’ll Do at OnePlan
- Own and manage OnePlan’s governance, risk, and compliance program across security and privacy frameworks
- Maintain the company’s compliance certifications including SOC 2 Type II, ISO 27001, and ISO 27701, ensuring ongoing audit readiness and successful surveillance audits and recertifications
- Coordinate with external auditors and manage evidence collection, control validation, and supporting documentation
- Maintain and update security policies, procedures, and internal documentation supporting compliance frameworks
- Maintain the company risk register and drive risk identification, assessment, and remediation activities across the organization
- Partner closely with Engineering and IT teams to implement and document security controls across the platform
- Lead OnePlan’s FedRAMP Moderate readiness initiative, including NIST 800-53 gap assessments and remediation planning
- Develop and maintain the System Security Plan (SSP) and associated FedRAMP documentation
- Prepare the organization for 3PAO assessment and establish processes for ongoing continuous monitoring
- Manage vendor risk assessments and third party security reviews
- Support enterprise and public sector security questionnaires, compliance reviews, and due diligence requests
- Ensure privacy and data protection practices align with GDPR and global privacy frameworks
- Support the ongoing operation of OnePlan’s ISO 27701 privacy program
Our Ideal Fit
- 6+ years of experience in governance, risk and compliance, information security, or security compliance roles
- Direct experience managing SOC 2 Type II and ISO 27001 audits and maintaining ongoing compliance programs
- Strong understanding of NIST 800-53 and FedRAMP security requirements
- Experience using compliance automation platforms such as Vanta or similar tools
- Experience working in a cloud native SaaS environment, ideally within Azure
- Strong documentation, audit management, and cross functional coordination skills
- Ability to translate security and compliance requirements into practical operational processes
- Experience leading or supporting FedRAMP readiness or authorization programs
Bonus Points
- Professional certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or CIPP
- Experience supporting enterprise security reviews and government compliance requirements
- Experience working in high growth SaaS or enterprise software companies