openashbyhqbaincapitalventures
Security Program Manager
Norm Ai
LocationEast Coast, New York City
WorkplaceRemote
EmploymentFullTime
Posted2026-05-19T17:38:34.509+00:00
Last observed2026-06-24 08:29:06.013692
Job idbaincapitalventures-norm-ai:ashbyhq:3fd0b773-58b9-48d9-9ab1-ba8078072c88
About Norm Ai Norm Ai, the agentic law company, has a client base with a combined $30 trillion in assets under management. Norm Ai pioneered Legal Engineering, the process that empowers lawyers to build and supervise domain-specific AI agents with Norm’s proprietary suite of no-code software tools. Norm Ai technology is deployed inside many of the largest and most consequential institutions in the world. Norm Ai is also the technology behind Norm Law, LLP, a separate but affiliated AI-native law firm built for the era of agentic AI. Norm Law’s attorneys advise leading institutions across private funds, private equity, venture capital, real estate, registered funds, and financial regulation, using the same legal intelligence platform that powers Norm Ai’s products. AI Fluency: Norm Ai expects all team members to be fluent in AI. Successful candidates actively use AI in their day-to-day work to support thinking, creation, and problem-solving. They use it to improve the quality and speed of their work and to continuously refine how work gets done end-to-end. Candidates should be prepared to demonstrate and discuss their AI usage throughout the interview process, including concrete examples of tools, workflows, and outcomes. We look for practical, hands-on experience, not theoretical familiarity. This Role: The Security Program Manager at Norm Ai is a hybrid between a GRC Manager and a Program Manager within the Office of the Chief Security Officer. You will own the execution of Norm Ai's security compliance programs, serve as the CSO's operational right hand, and drive cross-functional security and compliance initiatives across Engineering, Legal, IT, and the affiliated Norm Law practice. Security is your primary function, but this role sits at the intersection of compliance execution, risk management, and day-to-day program operations. You are the person who brings structure to ambiguity and makes sure nothing falls through the cracks. You Will: - Own and mature the GRC program across SOC 2 Type II, ISO 27001, and other applicable frameworks, including control mapping, evidence collection, gap analysis, remediation tracking, and audit coordination. - Serve as the primary liaison with external auditors and certification bodies; manage the full audit lifecycle from scoping and evidence gathering through report issuance. - Build and maintain the enterprise risk register; conduct periodic risk assessments and track risk treatment plans to closure with clear stakeholder accountability. - Lead the vendor security assessment program: evaluate third-party security posture, manage security questionnaires, and track remediation to completion. - Maintain and update security policies, standards, and procedures; own the policy review lifecycle from drafting through approval. - Manage priorities, track deliverables, and maintain operational cadence across the security organization including but not limited to staff meetings, quarterly planning, board reporting. - Drive cross-functional security initiatives and ensure alignment between Security, Engineering, Product, Legal, IT, and Business teams. - Manage security OKRs, KPIs, and metrics reporting; prepare dashboards and executive summaries for leadership and board audiences. - Coordinate incident response program readiness: maintain runbooks, organize tabletop exercises, and drive post-incident reviews to ensure lessons learned are captured and tracked. - Design, implement, and manage the security awareness and training program, including phishing simulations and effectiveness reporting. - Participate in client due diligence reviews and manage the intake process for inbound security questionnaires. - Support business continuity and disaster recovery planning in coordination with Engineering and IT. Skills & Experience - Core: - 5+ years of experience in security program management, GRC, or a related security operations role. - Hands-on experience managing compliance programs across at least
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.