security
Added 3 weeks ago
Cybersecurity Manager
at Playlist
United States, On-site
Requirements
- You’ll own and drive our compliance programs across SOC 1 Type II, ISO 27001, HITRUST, NIST CSF/800-53, and IT SOX.
- Experience in: 7+ years of progressive Information Security GRC, Compliance, or Audit experience, including at least 2 years of direct people management
- Hands-on program ownership across multiple compliance frameworks: SOC 1 Type II is required, plus working depth in at least two of ISO 27001, HITRUST, NIST CSF/800-53, or IT SOX, with the ability to map and rationalize controls across frameworks.
- Experience with a compliance automation platform (Drata, Vanta, Hyperproof, Secureframe, Optro or similar) and a clear point of view on how tooling should scale with program growth
- Strong project management skills, can run multiple audits and integration workstreams in parallel without dropping deadlines
- Direct experience managing external auditors and assessors, including comfort challenging scope and interpretation
- Excellent written and verbal communication, with the ability to translate compliance and risk findings into clear executive and partner-team updates
- Nice to Have: key
Additional details
- About the Company: At Playlist, life's richest moments happen when people step away from screens to move, connect, explore, and play.
- We're building the definitive platform for intentional living, connecting people with inspiring experiences in fitness, wellness, and beyond.
- With popular brands like Mindbody and ClassPass, Playlist empowers businesses and individuals, making it effortless for aspirations to become actions.
- Join us in reshaping technology's role to foster meaningful, real-world connections.
- Who we are: Playlist’s GRC team owns governance, risk, third-party risk, and compliance across a complex, multi-brand environment including Mindbody, ClassPass, Booker, Kite and EGYM and the businesses we continue to acquire and integrate.
- We sit at the intersection of Security, Legal, Engineering, and Finance, and we operate as builders: standing up programs, harmonizing controls across entities, and turning audit-readiness into something the business can scale with rather than scramble through.
- We’re hands-on, comfortable without a playbook, and biased toward decisions that unblock partners rather than slow them down.
- If you want to lead a team doing meaningful GRC work at real scale, we’d love to hear from you.
- Your role: The GRC Manager is a player-coach role responsible for two of the most important threads running through our function: the third-party risk management workflow and Playlist’s compliance program portfolio.
- You’ll lead a team of GRC Analysts and Program Managers, set the operating standards for how we assess vendors and run audits, and serve as the GRC team’s day-to-day operating leader across the broader function.
- You’ll partner closely with Legal, Security Engineering, Product, and Finance to make sure these programs reflect how the business operates, and that compliance