Information Security and Compliance Manager

Cerence

Horgenzell

On-site

EUR 70.000 - 90.000

Full-time

Today

Summary

A leading software development company in Germany is seeking a skilled Security and Compliance Manager to safeguard its infrastructure and ensure compliance with industry standards. This role involves leading security initiatives, managing penetration tests, and collaborating with teams to promote a culture of security awareness. The ideal candidate will have over 5 years of experience in information security, a Bachelor's degree, and strong analytical skills. This position offers an opportunity to make a significant impact in the automotive voice AI technology space.

Qualifications

  • 5+ years of experience in enterprise information security and risk management.
  • Strong understanding of security frameworks like ISO 27001/17, TISAX.
  • Proven ability to lead security audits and manage external assessments.

Responsibilities

  • Lead the implementation of security controls across global teams.
  • Maintain and evolve the information security management system (ISMS).
  • Manage internal and external network penetration tests and vulnerability scans.

Skills

Enterprise information security
Risk management
Security architecture
Analytical thinking
Excellent communication skills

Education

Bachelor's degree

Tools

CrowdStrike Falcon
Atlassian Jira
Azure cloud security

Job description

A Moving Experience.

Opportunity

We are a leading software development company specializing in voice AI technology for the global automotive industry. Our solutions power next‑generation in‑vehicle voice experiences for some of the world’s most recognized automotive brands. We are seeking a skilled Security and Compliance Manager to lead our efforts in protecting our infrastructure, applications, people, and customers while aligning with industry standards and best practices.

Daily Functions / Responsibilities
  • Lead the implementation and oversight of security controls interfacing with our global teams
  • Maintain and evolve our information security management system (ISMS) in line with frameworks such as ISO 27001/17, TISAX, CIS, and NIST
  • Manage projects and programs to meet our security objectives
  • Manage internal and external network penetration tests, vulnerability scans, and remediation processes
  • Coordinate responses to customer security assessments, including RFPs, RFQs, and due diligence questionnaires
  • Oversee centralized compliance controls and governance tools
  • Partner with IT, help desk, and software development teams to ensure secure operations and adherence to best practices
  • Track and report on compliance posture, including risk assessments, audit results, and remediation efforts
  • Monitor changes in regulatory requirements or industry standards and adjust internal controls as needed
  • Promote a culture of security awareness across the organization
Requirements
  • Bachelor's degree
  • 5+ years of experience in enterprise information security and risk or compliance management within a software development or technology‑focused company
  • Strong understanding of enterprise security architecture and security solution implementation
  • Experience managing penetration testing, vulnerability assessments, and incident response planning
  • Experience with compliance frameworks and standards such as ISO 27001/17, TISAX, CIS, and NIST
  • Experience working with IT infrastructure, service/help desk teams, and software development teams
  • Experience with CrowdStrike Falcon, network vulnerability management tools, static code analysis and open source scanning tools
  • Proven analytical and critical thinking
  • Proven ability to methodically plan, organize, and manage initiatives
  • Demonstrated ability to lead security audits and manage external security assessments
  • Excellent written and verbal communication skills, especially for client‑facing documentation and security reporting
Preferred Qualifications
  • Industry certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer
  • Familiarity with application compliance frameworks such as ISO 21434, UNECE WP.29
  • Experience facilitating threat analysis and risk assessments (TARA)
  • Experience with Atlassian Jira and Confluence
  • Experience with Azure cloud security controls
  • Familiarity with GRC platforms and compliance automation tools (e.g. Audit Board, Drata)
Equal Opportunity Employer

Cerence is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all federal, state and local laws that prohibit employment discrimination on the basis of age, race, color, gender, gender identity, gender expression, sex, sex stereotyping, pregnancy, national origin, ancestry, religion, physical or mental disability, medical condition, marital status, citizenship status, sexual orientation, protected military or veteran status, genetic information and other protected classifications. Cerence Equal Employment Opportunity Policy Statement.
