JOB DESCRIPTION
As an Information Security and Compliance Manager, you will identify, manage, and report on the company’s security, regulatory, and compliance obligations. Responsibilities will include performing reviews, assessments, and audits, conducting research, and facilitating communication to internal and external stakeholders where necessary. The position will monitor, coordinate, and implement policies, standards, procedures, controls, and guidelines to support security, compliance, and audit requirements.
Responsibilities:
• Develop, review, and modify information security and privacy policies.
• Improve existing compliance programs and processes.
• Design and execute audit procedures to assess and measure company compliance with its security policies and procedures.
• Monitor advancements in information privacy laws to ensure organizational adaptation and compliance.
• Evaluate security incidents for violations of privacy principles or legal standards.
• Manage compliance testing and monitoring of current and future regulatory obligations, and other regulatory matters as required.
• Conduct internal security risk assessments and security compliance audits.
• Establish IT security audit procedures relevant to SOC1 and client requests.
• Coordinate third-party audits.
• Develop materials and tools to effectively communicate compliance and corporate requirements.
• Develop and maintain Risk Register for Security and devise a plan for mitigation.
• Develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
• Collect, analyze, and prepare reports required for senior management, regulators, and other relevant stakeholders.
• Document, investigate, and report cybersecurity compliance issues and incidents, where necessary.
• Work with business leaders to ensure information security risk findings are reviewed and solutions are implemented.
• Understand, develop, and deliver meaningful reports on the program state and adherence to frameworks and standards.
• Lead the escalation and resolution of risk and compliance issues with appropriate stakeholders.
• Liaise with relevant parties to commission activities related to contingency planning, business continuity management, and IT disaster recovery.
• Develop and maintain a vendor security and compliance program.
• Assist the Business team in responding to RFPs and security questionnaires; maintain a library of security and compliance RFP responses.
Requirements:
• Significant knowledge and experience with legal, privacy, and regulatory compliance standards such as SOC1.
• The ability to work in a fast-paced environment and the skills to deal with ambiguity.
• Experience with IT governance, risk, and compliance management.
• Experience coordinating tasks to complete third-party assessments.
• Experience writing policies, procedures, and controls in one or more standards/frameworks.
• Experience working with web security vulnerability scanning tools such as Qualys and Burp.
• Knowledge of computer networking concepts and protocols and network security methodologies.
• Knowledge of risk management processes.
• Knowledge of cyber threats and vulnerabilities.
• Experience with Risk Management in both a compliance and security context.
• Ability to handle multiple competing priorities.
Qualifications:
• Bachelor's Degree with 5 years of related experience with a focus on security and compliance
• Master's Degree with 3 years of related experience preferred
• Equivalent work experience may substitute for degree requirement
• 3+ years of related work experience
• CISSP - Certified Information Systems Security Professional preferred or
• Certified Information Security Manager preferred or
• Certified in Risk and Information Security Controls
Durham, NC
IQVIA is a leading global provider of information, innovative technology solutions and contract research services focused on using data and science to help healthcare clients find better solutions for their patients. Formed through the merger of IMS Health and Quintiles, IQVIA offers a broad range of solutions that harness advances in healthcare information, technology, analytics and human ingenuity to drive healthcare forward. IQVIA enables companies to rethink approaches to clinical development and commercialization, innovate with confidence as well as accelerate meaningful healthcare outcomes. IQVIA has approximately 61,000 employees in more than 100 countries, all committed to making the potential of human data science a reality. IQVIA’s approach to human data science is powered by the IQVIA CORE™, driving unique actionable insights at the intersection of big data, transformative technology and analytics with extensive domain expertise.
IQVIA is a global leader in protecting individual patient privacy. The company uses a wide variety of privacy-enhancing technologies and safeguards to protect individual privacy while generating and analyzing the information that helps their customers drive human health outcomes forward. IQVIA’s insights and execution capabilities help biotech, medical device, and pharmaceutical companies, medical researchers, government agencies, payers and other healthcare stakeholders tap into a deeper understanding of diseases, human behaviors and scientific advances, in an effort to advance their path toward cures.