Compliance Enablement Technical Program Manager
About Us
Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos' complete portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, and other everyday and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.
Role Summary
This role is the technical backbone of our compliance automation function within the Trust and Assurance team. This is a hands-on, technically focused individual contributor role responsible for solving complex GRC domain problems through automation, AI tooling, and platform engineering rather than through process management alone.
The role owns the design and operationalization of compliance automation capabilities: integrating the GRC platform with cloud systems and internal tooling, building AI agents that automate evidence collection and control evaluation, and enabling continuous monitoring to replace point-in-time compliance snapshots with ongoing, automated assurance. The ideal candidate brings deep compliance framework knowledge, a strong engineering mindset, and demonstrated fluency with AI-assisted workflows to translate compliance requirements into scalable, automated solutions while remaining a capable contributor to day-to-day GRC operations.
What You Will Do
Platform Engineering & Integration
Own and operate the GRC platform (control mapping, evidence collection, continuous monitoring, and audit workflows), serving as the technical lead for all GRC SaaS integrations.
Integrate GRC tools with cloud platforms (AWS, Azure, GCP) and internal systems (e.g., Jira, BigQuery) using APIs and scripting.
Design and implement automated workflows for evidence collection, control monitoring, and remediation tracking.
Build and maintain dashboards to visualize complia
Posted June 10, 2026