Security Compliance Manager

About SonderMind

At SonderMind, we believe everyone deserves one personalized, connected, and effective mental health destination to take care of their mental health and well-being at any stage of life. SonderMind care encompasses everything from therapy and medication management to meditation and mindfulness exercises. Our clinicians leverage our digital tools and research to deliver increasingly high-quality care and to develop thriving practices. Combining technology and human connection, SonderMind drives better outcomes through our comprehensive approach. Learn more about SonderMind at sondermind.com or download the mobile app, available on iOS and Android. To follow the latest SonderMind news, get to know our clients, and learn about what it’s like to work at SonderMind, you can follow us on Instagram, Linkedin, and Twitter.

About the Role

Sondermind seeking a Security Compliance Manager who will operate as the project manager for our security and compliance program. You will drive policy creation, coordinate cross-functional ownership through RACI alignment, and ensure continuous compliance with ISO 27001 and other frameworks. Success is measured by audit readiness, completion of recurring control activities, and clear visibility of compliance posture to leadership.

What you’ll do

Program Governance

• Draft, publish, and maintain information-security and privacy policies, standards, and procedures.
• Establish a living compliance calendar covering control tests, access reviews, vendor assessments, and policy refresh cycles.

Stakeholder Alignment & RACI Management

• Facilitate working sessions so Engineering, IT, PeopleOps, and Legal understand their accountability for controls such as vulnerability management, change management, and incident response, etc...
• Track and report control ownership status; escalate gaps or overdue actions.

Audit & Certification Ownership

• Lead annual ISO 27001 audits end-to-end: scoping, readiness assessments, evidence collection, auditor coordination, and remediation follow-up. 
• Maintain audit work-papers and a centralized evidence repository

Control Operation & Monitoring

• Execute and document periodic controls: quarterly user access reviews, privileged-access attestations, vendor risk assessments, business continuity tests, and vulnerability-remediation SLAs.
• Automate evidence capture wherever feasible through tooling integrations (e.g., Vanta, Jira, Slack).

Risk Management & Continuous Improvement

• Conduct security risk assessments for new products and vendors; track mitigation plans to closure.
• Update policies and training content in response to regulatory and industry changes. .
• Generate KPIs and board-level metrics on compliance health, audit findings, and risk trends.

Training & Awareness

• Develop and deliver role-based security and privacy training; ensure coverage and completion tracking.
• Promote a culture of accountability through regular communications, lunch-and-learns, and compliance office hours.

What does success look like?

You will be the main point of contact for all things compliance at Sondermind, giving you autonomy to shape processes, introduce automation, and drive a measurable security culture. Your work will ensure we scale securely and retain the trust of millions of users.

Who You Are

Minimum Qualifications

• 5+ years in information-security compliance, ideally within a SaaS environment.
• Demonstrated ownership of at least one full SOC 2 Type 2 audit cycle.
• Strong project-management skills: ability to run parallel work-streams, influence without authority, and meet tight deadlines.
• Working knowledge of common control frameworks (SOC 2, ISO 27001, NIST CSF, etc..)
• Familiarity with security tooling for evidence collection (e.g., Vanta) and ticketing systems (Jira).
• Excellent written and verbal communication; adept at translating control requirements for technical and non-technical audiences.

Preferred Qualifications

• CISSP, CISA, CISM, or similar certification.
• Experience building RACI matrices and running cross-functional governance forums.
• Background in vulnerability management processes or secure SDLC.

Our Benefits 

The anticipated salary range for this role is $130,000 - $145,000 per year. Final compensation will be determined based on a variety of factors, including relevant experience, skills, education, and past performance. In addition to base salary, this position may also be eligible for a variable bonus and equity.

As leaders in redesigning behavioral health, we walk the walk with our employees' benefits. We want the experience of working at SonderMind to accelerate people’s careers and enrich their lives, so we focus on meeting SonderMinders wherever they are and supporting them in all facets of their lives and work.

Our benefits include:

• A commitment to fostering flexible hybrid work
• A generous PTO policy with a minimum of three weeks off per year
• Free therapy coverage benefits to ensure our employees have access to the care they need (must be enrolled in our medical plans to participate)
• Competitive Medical, Dental, and Vision coverage with plans to meet every need, including HSA ($1,100 company contribution) and FSA options
• Employer-paid short-term, long-term disability, life & AD&D to cover life's unexpected events. Not only that, we also cover the difference in salary for up to seven (7) weeks of short-term disability leave (after the required waiting period) should you need to use it.
• Eight weeks of paid Parental Leave (if the parent also qualifies for STD, this benefit is in addition, which allows between 8-16 weeks of paid leave)
• 401K retirement plan with 100% matching which immediately vests on up to 4% of base salary
• Travel to Denver 1x a year for annual Shift gathering
• Fourteen (14) company holidays
• Company Shutdown between Christmas and New Years
• Supplemental life insurance, pet insurance coverage, commuter benefits and more!

Application Deadline

This position will be an ongoing recruitment process and will be open until filled.

Equal Opportunity 

SonderMind does not discriminate in employment opportunities or practices based on race, color, creed, sex, gender, gender identity or expression, pregnancy, childbirth or related medical conditions, religion, veteran and military status, marital status, registered domestic partner status, age, national origin or ancestry, physical or mental disability, medical condition (including genetic information or characteristics), sexual orientation, or any other characteristic protected by applicable federal, state, or local laws.