What is the salary for this Compliance Program Manager role?

Salary information is not publicly listed for this position. Apply directly to discuss compensation with Kong.

Where is this Compliance Program Manager position located?

This is an on-site position at Kong located in Remote.

How do I apply for this Compliance Program Manager job at Kong?

Click the 'Apply' button on this page to be redirected to Kong's application portal. Make sure to have your resume ready and tailor your application to highlight relevant experience.

Kong is actively hiring for Product roles. Visit the company page to see all open positions and learn more about working at Kong.

Compliance Program Manager

Kong Remote Today

product

Are you ready to power the World's connections?

If you don’t think you meet all of the criteria below but are still interested in the job, please apply. Nobody checks every box - we’re looking for candidates that are particularly strong in a few areas, and have some interest and capabilities in others.

Role Summary

This senior individual contributor with program ownership responsibility is a high-impact role supporting customer trust, audits, and revenue enablement. The Compliance Program Manager is responsible for customer-facing security and compliance assurance for a designated Kong product, while also owning the PCI-DSS compliance program and certification lifecycle for that product.

This role acts as the primary Subject Matter Expert (SME) for customer assurance, audit readiness, and PCI-DSS controls, partnering closely with Engineering, SRE, Product, Legal, and Compliance teams. The role is critical to maintaining customer trust, supporting sales motions, and ensuring ongoing regulatory and industry compliance.

Key Responsibilities

Manage the end-to-end PCI DSS compliance program, ensuring adherence to the latest v4.0 standards.
Conduct regular internal assessments and readiness reviews for Reports on Compliance (ROC).
Serve as the Customer Assurance SME for one assigned Kong product (Dedicated Cloud Gateways).
Support all customer assurance requests for the assigned product, including security questionnaires, due diligence reviews and compliance inquiries
Attend customer calls as required to explain the product’s security posture, compliance controls, and audit status.
Ensure responses are accurate, consistent, and aligned with approved Kong messaging.

For customer assurance requests involving multiple Kong products, collaborate with other product SMEs to deliver coordinated, consistent and high-quality responses
Ensure alignment between product-specific responses and Kong’s broader security and compliance posture.

Cater to audit evidence requirements for the assigned product.
Partner with the Compliance Program Manager and internal stakeholders to ensure ongoing audit readiness for frameworks such as ISO 27001, SOC 2 Type II.
Validate that security and compliance controls are documented, implemented, and supported by appropriate evidence.
Drive the implementation of security and compliance best practices across the assigned product.
Foster strong cross-functional collaboration across Security, Engineering, SRE, Product, Legal, and Sales teams.
Promote secure-by-design and compliance-by-design principles in product development and operations.
Identify control gaps and drive remediation efforts with Engineering and Product teams.
Participate in cross-training initiatives with other Customer Assurance and Compliance SMEs.

PCI-DSS Program Ownership (Product-Specific)

Own end-to-end PCI-DSS compliance for the assigned Kong product, including:
- Scope definition and validation
- Control implementation and documentation
- Evidence collection and maintenance
- Annual PCI-DSS assessments and certification
Act as the primary point of contact for PCI-related matters, including:
- Internal stakeholders
- Qualified Security Assessors (QSAs)
- Customer PCI inquiries
Ensure PCI controls are embedded into product architecture and operational processes.
Track PCI requirements, changes, and remediation activities to maintain continuous compliance.

Required Qualifications

8+ years of experience in Customer Assurance, Security Compliance, GRC, or Trust roles
Demonstrated experience owning end-to-end PCI-DSS compliance programs
Experience supporting customer-facing security and compliance engagements
Prior experience working in SaaS, cloud, or infrastructure platforms

Strong hands-on knowledge of PCI-DSS
Experience managing audits, assessments, and evidence collection
Understanding of shared responsibility models and cloud security controls

Understanding of APIs, cloud-native architectures, or platform security is a strong plus

Excellent written and verbal communication skills
Ability to translate complex compliance requirements into customer- and engineer-friendly language
Comfortable engaging with enterprise customers, auditors and QSAs, and internal leadership and cross-functional teams

Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent practical experience
PCI Professional (PCIP), PCI Internal Security Assessor (ISA), CISSP, CISA, CRISC, or ISO 27001 certifications preferred but not mandatory

About Kong:

Kong Inc., a leading developer of cloud API technologies, is on a mission to enable companies around the world to become “API-first” and securely accelerate AI adoption. Kong helps organizations globally — from startups to Fortune 500 enterprises — unleash developer productivity, build securely, and accelerate time to market. For more information about Kong, please visit www.konghq.com or follow us on X @thekonginc.