Norm Ai
Information Security
Security Program Manager
“Security Program Manager at Norm Ai. Skills: Security program management, GRC, Compliance execution, Risk management, Program operations. Own and mature the GRC program across SOC 2 Type II, ISO 27001, and other applicable frameworks. Serve as the primary liaison with external auditors and certification”
What You'll Achieve.
- Map the existing security program and compliance
- Understand Norm Ai's current control environment, open audit gaps, and active risks
- Get fully onboarded into Vanta, Linear, and Notion
- Establish working relationships with the CSO, Director of Compliance, Engineering leads, and Legal
- Identify the most pressing open thread and start driving it
- Own the GRC program calendar with a clear view of upcoming audit milestones, evidence collection owners, and remediation timelines
- Establish a regular reporting cadence for the CSO, including OKR tracking and cross-functional status updates
- Have moved at least one active compliance or risk initiative from intake to measurable progress
Industry & Context.
- Brings structure to ambiguity
- Travel to the office is expected approximately once per quarter for remote employees
- Candidates local to New York City and within commuting distance of our office will be expected to come in 3-4 days per week
- Relocation reimbursement for candidates needing to relocate to NYC
What They're Looking For.
Must Have
- 5+ years of experience in security program management, GRC, or a related security operations role
- Hands-on experience managing compliance programs across at least two major frameworks (e.g., SOC 2, ISO 27001, GDPR, HIPAA)
- Working knowledge of risk management frameworks such as NIST RMF, ISO 31000, or FAIR
- Experience with GRC and compliance automation
- Project management skills with the ability to manage multiple concurrent
- Experience with Linear, Jira, Notion, or equivalent tools
- Comfortable using AI tools to accelerate security and compliance work
- Experience coordinating external audits and working directly with auditors
- Familiar enough with cloud environments (AWS) and developer tooling (GitHub) to have substantive conversations with engineering teams
- Proven ability to drive cross-functional work without direct authority
- Clear and concise; experienced preparing executive-level updates and board materials
- Background in a fast-paced startup, scale-up, or boutique consulting environment where you had to build programs with limited resources
Nice to Have
- Experience in a strategic operations role within a security or technology organization
- Background in government, financial services, or other highly regulated industries
- Relevant certifications: CISSP, CISM, CRISC, CISA, CGRC, or PMP
What You'll Do.
- Own and mature the GRC program across SOC 2 Type II, ISO 27001, and other applicable frameworks
- Serve as the primary liaison with external auditors and certification
- Build and maintain the enterprise risk
- Lead the vendor security assessment program
- Maintain and update security policies
- and maintain operational cadence across the security organization
- Drive cross-functional security initiatives
- Coordinate incident response program readiness
- and manage the security awareness and training program
- Participate in client due diligence reviews
- Support business continuity and disaster recovery planning
How You'll Work.
Team & Collaboration
- Drive cross-functional security and compliance initiatives across Engineering, Legal, IT, and the affiliated Norm Law practice
- Serve as the CSO's operational right hand
- Ensure alignment between Security, Engineering, Product, Legal, IT, and Business teams
Communication Scope
- Clear and concise; experienced preparing executive-level updates and board materials
Process & Methodology
- Manage multiple concurrent
- Manage priorities
- Track deliverables
- Maintain operational cadence
Full Job Description

About Norm Ai

Norm Ai, the leading Legal & Compliance AI company, has a client base with a combined $30 trillion in assets under management. By turning legal code into AI code, Norm enables enterprises to move faster and more comprehensively in their legal and compliance processes with reliability and trust. Norm's platform combines frontier AI, proprietary legal reasoning systems, and embedded legal and regulatory expertise. We have recently raised more than $140 million, backed by Blackstone, Bain Capital, Vanguard, Citi, New York Life, TIAA, Coatue, Craft Ventures, Henry R. Kravis (KKR co-founder), and Marc Benioff (Salesforce CEO).

Norm Ai pioneered Legal Engineering, the process that empowers lawyers to build and supervise domain-specific AI agents with Norm's proprietary suite of no-code software tools. We hired dozens of lawyers from premier U.S. law firms and trained them as Legal Engineers, who specialize in Large Language Model powered legal workflows. Norm Ai technology is deployed inside many of the largest and most consequential institutions in the world. The company is growing quickly and hiring across all teams.

AI Fluency: Norm Ai expects all team members to be fluent in AI. Successful candidates actively use AI in their day-to-day work to support thinking, creation, and problem-solving. They use it to improve the quality and speed of their work and to continuously refine how work gets done end-to-end. Candidates should be prepared to demonstrate and discuss their AI usage throughout the interview process, including concrete examples of tools, workflows, and outcomes. We look for practical, hands-on experience, not theoretical familiarity.

This Role: The Security Program Manager at Norm Ai is a hybrid between a GRC Manager and a Program Manager within the Office of the Chief Security Officer. You will own the execution of Norm Ai's security compliance programs, serve as the CSO's operational right hand, and drive cross-functional security and complia