
Compliance Program Manager @ Kong

India - Bangalore | Onsite | Full-time | Posted 120 days ago

About this role

Are you ready to power the World's connections?

If you don’t think you meet all of the criteria below but are still interested in the job, please apply. Nobody checks every box - we’re looking for candidates that are particularly strong in a few areas, and have some interest and capabilities in others.

Role Summary

This senior individual contributor with program ownership responsibility is a high-impact role supporting customer trust, audits, and revenue enablement. The Compliance Program Manager is responsible for customer-facing security and compliance assurance for a designated Kong product, while also owning the PCI-DSS compliance program and certification lifecycle for that product.

This role acts as the primary Subject Matter Expert (SME) for customer assurance, audit readiness, and PCI-DSS controls, partnering closely with Engineering, SRE, Product, Legal, and Compliance teams. The role is critical to maintaining customer trust, supporting sales motions, and ensuring ongoing regulatory and industry compliance.

Key Responsibilities

Manage the end-to-end PCI DSS compliance program, ensuring adherence to the latest v4.0 standards.

Conduct regular internal assessments and readiness reviews for Reports on Compliance (ROC).

Serve as the Customer Assurance SME for one assigned Kong product (Dedicated Cloud Gateways).

Support all customer assurance requests for the assigned product, including security questionnaires, due diligence reviews, and compliance inquiries.

Attend customer calls as required to explain the product’s security posture, compliance controls, and audit status.

Ensure responses are accurate, consistent, and aligned with approved Kong messaging.

For customer assurance requests involving multiple Kong products, collaborate with other product SMEs to deliver coordinated, consistent, and high-quality responses.

Ensure alignment between product-specific responses and Kong’s broader security and compliance posture.

Cater to audit evidence requirements for the assigned product.

Partner with the Compliance Program Manager and internal stakeholders to ensure ongoing audit readiness for frameworks such as ISO 27001 and SOC 2 Type II.

Validate that security and compliance controls are documented, implemented, and supported by appropriate evidence.

Drive the implementation of security and compliance best practices across the assigned product.

Foster strong cross-functional collaboration across Security, Engineering, SRE, Product, Legal, and Sales teams.

Promote secure-by-design and compliance-by-design principles in product development and operations.

Identify control gaps and drive remediation efforts with Engineering and Product teams.

Participate in cross-training initiatives with other Customer Assurance and Compliance SMEs.

PCI-DSS Program Ownership (Product-Specific)

Own end-to-end PCI-DSS compliance for the assigned Kong product, including:

Scope definition and validation

Control implementation and documentation

Evidence collection and maintenance

Annual PCI-DSS assessments and certification

Act as the primary point of contact for PCI-related matters, including:

Internal stakeholders

Qualified Security Assessors (QSAs)

Customer PCI inquiries

Ensure PCI controls are embedded into product architecture and operational processes.

Track PCI requirements, changes, and remediation activities to maintain continuous compliance.

Required Qualifications

8+ years of experience in Customer Assurance, Security Compliance, GRC, or Trust roles

Demonstrated experience owning end-to-end PCI-DSS compliance programs

Experience supporting customer-facing security and compliance engagements

Prior experience working in SaaS, cloud, or infrastructure platforms

Strong hands-on knowledge of PCI-DSS

Experience managing audits, assessments, and evidence collection

Understanding of shared responsibility models and cloud security controls

Understanding of APIs, cloud-native architectures, or platform security is a strong plus

Excellent written and verbal communication skills

Ability to translate complex compliance requirements into customer- and engineer-friendly language

Comfortable engaging with enterprise customers, auditors and QSAs, and internal leadership and cross-functional teams

Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent practical experience

PCI Professional (PCIP), PCI Internal Security Assessor (ISA), CISSP, CISA, CRISC, or ISO 27001 certifications preferred but not mandatory


About Kong:

Kong Inc., a leading developer of API and AI connectivity technologies, is building the infrastructure that powers the agentic era. Trusted by the Fortune 500 and startups alike, Kong's unified API and AI platform, Kong Konnect, enables organizations to secure, manage, accelerate, govern, and monetize the flow of intelligence across APIs and AI models. For more information, visit www.konghq.com.
