POSITION SUMMARY

We are looking to hire an experienced Security Compliance Manager to lead our efforts in obtaining and maintaining various security frameworks. You will be required to collaborate with coworkers and auditors to meet security compliance controls as well as enhance security compliance capabilities. As our Security Compliance Manager, you will have complete ownership and accountability of monitoring, controls, policy updates, access control, and risk management.

ESSENTIAL DUTIES AND RESPONSIBILITIES

The essential functions include, but are not limited to the following:

• Oversee the execution of our Information Security program for evaluating and maintaining compliance with industry standards (ISO 27001, SOC 2, GDPR, NIST, etc.) while ensuring we maintain high-security standards with ongoing compliance or controls
• Manage the implementation plans for new frameworks
• Manage internal and external audits, including properly adhering to regulatory expectations and ensuring audit evidence for relevant compliance frameworks is maintained
• Work with our Engineering and Support teams to identify process improvements and efficiencies in areas of access management and general technology process controls
• Provide compliance, risk, and controls expertise to support information security and compliance initiatives
• Adhere to and champion policies, guidelines and procedures pertaining to maintaining and gaining additional certifications
• Define, develop, implement, and maintain our policies and processes that enable consistent, effective privacy practices that minimize risk and ensure the confidentiality of protected information across all media types

MINIMUM QUALIFICATIONS (KNOWLEDGE, SKILLS, AND ABILITIES)

• Bachelor’s degree in computer science, information technology, or relevant field preferred. Will consider additional years of experience and/or certifications in lieu of Degree
• Minimum three (3) years operational experience implementing, assessing, interpreting, and auditing various security/compliance/regulatory frameworks, such as (but not limited to) SOC 2, ISO 27001, GDPR, NIST CSF, FedRAMP, etc.
• Experience with common cloud service provider technologies and their use in support of security and compliance objectives
• Strong written and verbal communication skills, including the ability to clearly articulate, educate on, and discuss information security and compliance topics with customers and coworkers of all technical and knowledge levels and positions, maturely navigate auditor interactions, and prepare deliverables
• Proven analytical and problem-solving abilities
• Can work independently and with teams to identify and resolve challenges and overcome roadblocks
• Preferred Certifications: CISSP, CCSP, CCSK, and/or ISO 27001 LI/LA