This job is no longer available

Added: 3 days ago
Type: Full time
Salary: $75K - $120K


Related skills: ISO 27001, PCI, SOC 2, HITRUST, Drata

ABOUT US

Xsolla is a global commerce company with robust tools and services to help developers solve the inherent challenges of the video game industry. From indie to AAA, companies partner with Xsolla to help them fund, distribute, market, and monetize their games. Grounded in the belief in the future of video games, Xsolla is resolute in the mission to bring opportunities together, and continually make new resources available to creators. Headquartered and incorporated in Los Angeles, California, Xsolla operates as the merchant of record and has helped 1,500+ game developers to reach more players and grow their businesses around the world. With more paths to profits and ways to win, developers have all the things needed to enjoy the game.

For more information, visit xsolla.com.

ABOUT THE ROLE

Xsolla is looking for a strong, independent Compliance Manager to lead and own our compliance function end to end. You will be responsible for keeping our existing programs successful (SOC 1 Type II, SOC 2 Type II, PCI Level 1), making them more efficient, and building the roadmap for what comes next (for example ISO 27001, CSA STAR, HITRUST, or other relevant frameworks).

This is a hands-on role for someone who is comfortable operating with a high degree of autonomy, partnering across the business, and bringing a pragmatic, risk-based mindset to compliance.

Our rebooted security program will be based on NIST CSF 2.0 and will leverage it for a universal control set. We are doing this not just to check the box, but to refine our program so that it is mature and highly effective and provides strong risk management to our business and customers. You will ensure that our compliance activities map cleanly to the CSF and fit squarely within the broader security program.

As is always true of job descriptions, there is an intangible value that is hard to capture, and we are looking for people with a diverse set of perspectives and skills who can be successful in this role. Even if you don't match every requirement, we encourage you to apply if you think you'd be highly successful in this role.

RESPONSIBILITIES

Key responsibilities include:

Own the compliance function

  • Lead day-to-day management of Xsolla’s compliance program across SOC 1, SOC 2, PCI, and related obligations. Collaborate with the privacy team on data protection obligations like GDPR, CCPA and others globally.
  • Maintain evidence, controls, and documentation necessary for successful audits and assessments.
  • Serve as the primary point of contact for external auditors, assessors, and key customers on compliance topics.

Optimize and streamline existing programs

  • Assess how we currently execute SOC 1, SOC 2, and PCI and identify opportunities to simplify, standardize, or remove unnecessary work.
  • Reduce time and effort spent on low-value activities while preserving (or improving) assurance and control effectiveness.
  • Propose and drive structural changes to the way we run audits or maintain controls and evidence.

Drive compliance automation and operations

  • Take ownership of our existing compliance platform (Drata) and use it to automate as much of the program as practical.
  • Design and implement automated control monitoring, evidence collection, and workflow where possible.
  • Partner with engineering, security, and IT to integrate systems and data sources into the compliance stack.
  • Establish metrics and reporting so we can see control posture and audit readiness at a glance.

Lead third-party risk management

  • Design and own our third-party risk management (TPRM) program, including requirements, processes, and standards.
  • Implement and run vendor due diligence and ongoing monitoring, including security and compliance reviews.
  • Work with procurement, legal, security, and business owners to ensure third-party risks are identified, assessed, documented, and tracked.
  • When needed, support deeper technical reviews to understand how we connect to and depend on suppliers.

Own security and compliance policy management

  • Own policy documentation and lifecycle management for the security function.
  • Coordinate with Legal, HR, and other teams to ensure policies are consistent, non-contradictory, and aligned with our security and compliance requirements.
  • Keep policies current with changes in our environment, regulations, frameworks, and business priorities.

Align compliance with the NIST CSF-based security program

  • Map controls, evidence, and obligations under SOC 1, SOC 2, PCI, and future frameworks into our NIST CSF 2.0-based security program.
  • Help ensure a coherent control set rather than a collection of framework-specific checklists.
  • Contribute to broader security program planning and roadmap activities from a compliance and assurance perspective.

Partner across the business

  • Work effectively with teams across Xsolla, from hands-on-keyboard engineers to senior leadership including the CEO.
  • Communicate clearly, candidly, and constructively about compliance requirements, tradeoffs, and risk.
  • Support customer-facing teams with responses to security questionnaires and due diligence requests.

WHAT YOU BRING

  • Strong, demonstrated experience in security, IT, or risk-focused compliance roles.
  • Direct experience running or heavily supporting one or more of: SOC 1, SOC 2, PCI.
  • Comfort with technical environments (cloud, modern engineering practices, SaaS platforms) and the ability to translate between technical details and control requirements.
  • Experience with compliance automation or compliance operations, ideally including hands-on work with platforms like Drata or similar.
  • Strong written communication skills, especially in asynchronous, distributed environments.
  • Proven ownership mindset: you are comfortable taking a problem, structuring it, driving it, and keeping stakeholders informed without heavy day-to-day direction.
  • Ability to work across functions and levels, tailoring communication for engineers, business leaders, auditors, and executives.
  • A pragmatic, risk-based approach to compliance: you focus on outcomes and risk reduction, not just on checking boxes.

NICE TO HAVE

  • 4+ years of experience leading compliance for a global SaaS company.
  • Experience implementing or operating against ISO 27001, ISO 27701, HITRUST, CSA STAR, or similar frameworks.
  • Experience designing or maturing a third-party risk management program.
  • Familiarity with NIST CSF 2.0 and its application to a modern SaaS / services environment.
  • Experience in the games, payments, or fintech ecosystem.
  • Relevant certifications (for example CISA, CISM, CISSP, CRISC) are a plus, but not required.
  • Formal education in a related field is welcome, but equivalent practical experience is valued just as highly.

Additional Information

Benefits:

We are passionate about fostering a supportive environment for our team, so we prioritize the physical, mental, and emotional well-being of our employees and their families through a comprehensive Benefits Program. This includes 100% company-paid medical, dental, and vision plans, unlimited Flexible Time Off, and a personalized career roadmap for each employee. By investing in professional development through training and educational opportunities, we ensure that our team thrives both personally and professionally. Together, we’re not just building a business; we’re cultivating a community that values creativity, collaboration, and the transformative power of play.

By submitting the following job application form, you consent to Xsolla processing your data for career-related inquiries and potential employment opportunities. We process your data in accordance with this Xsolla Privacy Notice for Job Applicants. Please direct any inquiries regarding your data privacy to careers@xsolla.com.
