Sr. Manager of Data, Risk, and Compliance

At Thoropass, we are revolutionizing the compliance and audit industry by integrating cutting-edge AI technology with expert human insight. Our team is dedicated to delivering exceptional customer experiences and high-quality outcomes.

We’re driven by our mission to build a world that’s safer for consumers and ensuring compliance is never a blocker to innovation. By bringing together remarkably talented individuals, we’re looking to help the industry see compliance as an advantage. 

These are the behaviors and skills we look for in our people. Living by these values ensures we are building a team that can grow together and deliver the best possible outcomes for each other and our customers.

Take thoughtful risk: We solve for today while being considerate of tomorrow—creatively leveraging our tools and abilities to hit ambitious goals.

Be curious, ask, and learn: We always seek to better understand our industry and our customers. We don’t shy away from mistakes—using every bit of data to learn and iterate.

Win together: Compliance is a team sport. We proactively engage with one another and check our egos at the door in search of the best ideas.

Move the needle: Our goals are lofty for a reason. We set clear expectations, give direct feedback, and challenge ourselves to close the gap between those goals and results.

Thoropass is redefining the future of security compliance and audits. As the only all-in-one platform combining compliance automation software, a tech-enabled audit firm, and penetration testing services, we help organizations accelerate SOC, PCI, ISO, HITRUST, HIPAA, and other frameworks through AI-powered innovation like First Pass AI.

Backed by leading investors including J.P. Morgan, PayPal Ventures, Bain Capital, and others, Thoropass operates globally across 18+ countries and continues to scale rapidly.

Founded in 2019 and headquartered in New York, Thoropass has rapidly expanded with $97M in funding from top investors including J.P. Morgan, PayPal Ventures, Fin Capital, Centana, Canapi, and Bain Capital. We operate as a virtual, global company with a presence in over 18 countries. 

About the Role

The Senior Manager, Data Privacy, Risk and Compliance will lead enterprise-wide governance, risk, and compliance (GRC) programs, ensuring Thoropass maintains a strong security posture, robust privacy practices, and adherence to trade and healthcare regulations.

This leader partners cross-functionally to build scalable, practical programs that enable innovation while protecting data, maintaining regulatory integrity, and driving business growth.

What You'll Do

• Direct enterprise-wide information security strategy, standards, and governance across IT systems, networks, and applications.
  
• Define, implement, and maintain baseline security configurations aligned with ISO 27001, SOC 2, NIST, and CIS benchmarks.
• Lead incident response, disaster recovery, penetration testing, and vulnerability management programs.
• Oversee access management, identity governance, and insider threat monitoring initiatives.
• Drive continuous risk assessments, audits, and third-party risk management.

• Own Thoropass’ global data protection program, ensuring compliance with GDPR, CCPA, HIPAA, and other privacy laws.
• Conduct Privacy Impact Assessments (PIAs), manage data inventories, and oversee breach notification and data subject requests.
  Develop and maintain internal privacy training, awareness, and documentation.
• Support customer-facing vDPO (virtual Data Protection Officer) services through education, webinars, and thought leadership content.
• Embed privacy-by-design principles into product and operational processes.

• Manage U.S. trade, export control, and sanctions compliance per company policy and applicable regulations.
• Maintain product and service classifications, export jurisdiction, and sanctions screening.
• Oversee compliance audits, recordkeeping, and employee training related to trade regulations.
• Advise senior management on regulatory risks and mitigation strategies.
  

• Serve as SME on HIPAA, HITECH, HITRUST, and related healthcare security frameworks.
• Collaborate with internal and external stakeholders to ensure compliant data handling practices.
• Develop and deliver internal training and customer education content.

• Bachelor’s degree in Computer Science, Information Technology, Engineering, or related discipline.
  
• Advanced degree or certifications (CIPP/E, CIPM, CISSP, CISM, CRISC, HITRUST CCSFP) preferred.
  

• 7-10 years total experience, including:
• 5+ years managing Governance, Risk & Compliance (GRC) programs end-to-end.
  4+ years in Data Privacy and Protection (GDPR, CCPA, HIPAA).
  3–5 years managing or leading Information Security and IT Risk programs.
• Proven track record implementing frameworks: SOC 2, ISO 27001/27701, HITRUST, GDPR, CCPA.
• Experience leading privacy, risk, or compliance initiatives in SaaS or cloud environments.
  Strong cross-functional leadership, communication, and change management skills.
  Ability to manage global, remote teams and partner with executives.

• Security Architecture, Encryption, and Network/Cloud Security.
• Secure SDLC and Privacy by Design principles.
  Risk assessment, third-party risk management, and compliance reporting.
• Trade compliance, export control, and sanctions screening.
• Program management, process improvement, and stakeholder enablement.
  

• Thoropass maintains continuous compliance with major frameworks (SOC, ISO, HITRUST).
• Privacy program achieves high audit readiness with minimal exceptions.
  Teams operate efficiently under clear policies, risk visibility, and security controls.
  The Senior Manager serves as a trusted advisor to leadership and a visible privacy champion internally and externally.

• The base compensation range for this position is $140,000-165,00 and will be based on experience and skill set
• Immediate access to health, dental, and vision care 
• Equity 
• Hybrid & remote work available
• Flexible PTO
• 401k