Red Hat's Product Security Compliance team is looking for a Senior Compliance Manager to lead complex, multi-framework audit programs for our flagship cloud platforms. You will act as a primary lead for our large-scale external audits and a driver for our strategic shift toward compliance automation. This role is ideal for a seasoned compliance professional who is technically curious, capable of navigating cross-functional friction, and eager to architect a continuous audit-ready ecosystem.What you will do:- Audit Lifecycle Leadership: Lead the end-to-end execution of large-scale consolidated audits (ISO 27001/17/18, SOC 2/3, PCI-DSS, HIPAA, etc.). Manage external auditor relationships and hold accountability for successful, zero-finding audit outcomes.
- Compliance Automation & Innovation: Partner with Product Security Engineering to operationalize AI-driven compliance. Lead the implementation of AI-agents, gap analysis tools, and automated evidence mapping. You will be responsible for turning manual, time-intensive processes into streamlined, high-fidelity automated workflows.
- Operational Architecture: Beyond maintaining current documentation, you will redesign our compliance "source of truth." Lead the adoption of Git-based workflows, Markdown/YAML documentation, and centralized dashboarding to ensure our data is audit-ready and observable at all times.
- Cross-Functional Diplomacy: Act as the primary compliance liaison between Product Security, SRE, Legal, and HR. Proactively resolve complex blockers, negotiate evidence requirements, and facilitate technical tabletop exercises for BC/DR and IR.
- Team Mentorship: Serve as a force multiplier. Mentor Associate and Junior Program Managers on audit best practices, interview preparation, and stakeholder communication. You will be expected to raise the bar for the entire team's output.
- Strategy & Roadmap Contribution: Influence our long-term compliance roadmap by identifying systemic bottlenecks, planning for new regulatory requirements (e.g., EU AI Act, QC1/QC2), and supporting the global expansion of our hybrid cloud offerings.
What you will bring:- Experience: 5+ years of experience in GRC, Information Security, or IT Program Management. Proven history of leading large-scale external audits in cloud-native or SaaS environments.
- Deep Framework Expertise: Subject matter expertise in with current industry frameworks (PCI-DSS, ISO, SOC, HIPAA etc).
- Technical Proficiency: Experience in Git, Markdown, and YAML is required, as our compliance documentation lives in version control.
- Strategic AI Literacy: Demonstrated ability to leverage AI/LLM tools (e.g., Gemini, Cursor, NotebookLM) to automate compliance tasks.
- Project Management & Conflict Resolution: A track record of successfully navigating high-pressure audit cycles and resolving conflicting priorities across engineering and security teams.
- Leadership Presence: Ability to represent Red Hat compliance interests confidently in front of external auditors and internal executive stakeholders.
Why You'll Thrive Here- Build the Future: You aren't just maintaining status quo compliance; you are building a modern, automated compliance infrastructure.
- Cross-Pollination: You will work directly with our engineering teams, meaning your input directly impacts the security and compliance roadmap of our products.
- High Autonomy: We value proactive leaders who identify problems and propose technical solutions before they become audit findings.
The salary range for this position is $118,600.00 - $195,680.00. Actual offer will be based on your qualifications.
Pay TransparencyRed Hat determines compensation based on several factors including but not limited to job location, experience, applicable skills and training, external market value, and internal pay equity. Annual salary is one component of Red Hat's compensation package. This position may also be eligible for bonus, commission, and/or equity. For positions with Remote-US locations, the actual salary range for the position may differ based on location but will be commensurate with job duties and relevant work experience.
