Senior Governance, Risk & Compliance Lead

At OnePlan, we specialize in creating AI-enabled solutions that make strategic portfolio, financial, resource, and work management seamless. We help businesses bridge the gap between strategy and execution by offering solutions that boost business agility, streamline project management, and optimize resources. What Makes us Unique?What truly makes OnePlan stand out is our commitment to delivering powerful solutions and fostering a culture of collaboration. We combine robust analytics with a platform that integrates seamlessly into the tools businesses already know and trust. Our high-trust, team-focused environment allows us to innovate quickly and deliver solutions that drive meaningful results for our clients. We're passionate about exceeding expectations, working together to empower organizations to succeed in a rapidly changing business landscape.OnePlan is looking for a Senior Governance, Risk & Compliance Lead to own and operate our security, privacy, and compliance programs. This role is responsible for maintaining OnePlan’s existing certifications including SOC 2 Type II, ISO 27001, and ISO 27701, while leading our FedRAMP Moderate readiness initiative as we expand into public sector markets.This is a senior individual contributor role focused on building and operationalizing a scalable governance, risk, and compliance program within a Microsoft based SaaS ecosystem. You’ll work closely with Product, Engineering, and Security leadership to ensure our platform, processes, and documentation meet the requirements of enterprise and government customers.
What You’ll Do at OnePlan
Own and manage OnePlan’s governance, risk, and compliance program across security and privacy frameworksMaintain the company’s compliance certifications including SOC 2 Type II, ISO 27001, and ISO 27701, ensuring ongoing audit readiness and successful surveillance audits and recertificationsCoordinate with external auditors and manage evidence collection, control validation, and supporting documentationMaintain and update security policies, procedures, and internal documentation supporting compliance frameworksMaintain the company risk register and drive risk identification, assessment, and remediation activities across the organizationPartner closely with Engineering and IT teams to implement and document security controls across the platformLead OnePlan’s FedRAMP Moderate readiness initiative, including NIST 800-53 gap assessments and remediation planningDevelop and maintain the System Security Plan (SSP) and associated FedRAMP documentationPrepare the organization for 3PAO assessment and establish processes for ongoing continuous monitoringManage vendor risk assessments and third party security reviewsSupport enterprise and public sector security questionnaires, compliance reviews, and due diligence requestsEnsure privacy and data protection practices align with GDPR and global privacy frameworksSupport the ongoing operation of OnePlan’s ISO 27701 privacy program
Our Ideal Fit
6+ years of experience in governance, risk and compliance, information security, or security compliance rolesDirect experience managing SOC 2 Type II and ISO 27001 audits and maintaining ongoing compliance programsStrong understanding of NIST 800-53 and FedRAMP security requirementsExperience using compliance automation platforms such as Vanta or similar toolsExperience working in a cloud native SaaS environment, ideally within AzureStrong documentation, audit management, and cross functional coordination skillsAbility to translate security and compliance requirements into practical operational processesExperience leading or supporting FedRAMP readiness or authorization programsBonus PointsProfessional certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or CIPPExperience supporting enterprise security reviews and government compliance requirementsExperience working in high growth SaaS or enterprise software companies
More Reasons Why You Should Apply!
We’re a remote-first company with team members across the USA, Canada, UK, and India!OnePlan has been recognized as the Global Microsoft Partner of the Year in Project Portfolio Management in 2019, 2020, 2021, 2022 and 2023.We’ve been named a "Strong Performer" in the latest Forrester Strategic Portfolio Management WAVE report.We offer comprehensive health, dental, and vision benefits, with additional insurance options.Employer RRSP and 401K matching programs.A fun, collaborative, and diverse environment with regular health and team challenges to keep things light and enjoyable!At OnePlan, we are committed to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, or veteran status. We are proud to be an equal-opportunity workplace.Upon receipt of an offer letter, candidates will be subject to a standard background check process. Disclaimer: We’ll only contact candidates who have applied directly through our official channels. Any communication about job offers will always come from an email address linked to OnePlan Solutions, and we’ll follow our standard hiring process every time. You’ll never be asked for money or personal information during the interview process. If something feels off, don’t hesitate to reach out to us to confirm.Ready to Apply?Check out what it’s like to work at OnePlan and learn more about us at https://oneplan.ai/

Apply Now