Security Compliance Manager

Posted 27 June 2024
Salary $140,000
LocationUnited States of America
Job type Permanent
Discipline InfoSec
Reference759804

Job description

Security Compliance Manager (US, Remote)

Our client is the premium provider of Cyber Threat Intelligence globally, looking for a
Security Compliance Manager to join their Governance and Risk team. Handling activities
across the business, from security compliance certs and audits, to risk management and
vendor management. This role is fully remote - located anywhere in the US.
We are looking for an experienced Security Compliance Manager to be responsible for
implementing, monitoring and maintaining effective security controls. This will include
engaging in cross-functional collaboration, as well as playing a part in key decision-
making.

This role will report to the company General Counsel. Please note, this role involves
occasional travel within the United States, Europe and Asia.

The ideal candidate will hold experience with the following frameworks:
  • SOC 2
  • ISO27001
  • PCI
  • FFIEC
  • NIST
  • CSF
  • GLBA
  • CMMC
Key Responsibilities:
  • Oversee security audit and governance management: optimize year-round
    compliance, audit and regulatory efforts.
  • Maintain and evolve their integrated cybersecurity controls framework and
    programs.
  • Monitor and report on compliance against the company's policies and standards.
  • Facilitate governance and track remediation for vulnerabilities and deficiencies
    and establish and implement resolutions based on risk impact and criticality.
  • Execute existing and new compliance initiatives.
  • Independently conduct compliance quantitative assessments.
  • Maintain a cybersecurity risk register.
  • Compile and present compliance posture to senior leadership.

Preferred Skill, Qualifications:
  • BS degree in Computer Information Systems or related field.
  • Relevant certification (e.g. CISA, CISSP, PCI QSA, AWS certifications) or equivalent
    expertise.
  • Considerable experience with leading security governance, risk & compliance
    initiatives.
  • Experience onboarding and monitoring cybersecurity controls in cloud
    environments (specifically AWS).
  • Experience managing SOC 2, NIST CSF, PCI DSS, SOX ITGC, GLBA or other
    compliance standards and framework programs.
  • Strong knowledge of security risk management and running audits/certification
    programs.
  • Comfortable working in a fast-paced, dynamic & diverse environment, and
    managing multiple projects concurrently.
  • Big 4, or management/IT consulting experience preferred.
  • Have knowledge of NIST 800-53/800-37, NIST CSF, SOC 2, PCI, and/or ISO 27001
    standards, integrated controls framework, and evaluating design and
    effectiveness of IT controls working directly with auditors, regulators, investors.
  • Experience defining compliance roadmaps based on customer requirements,
    compliance documentation, and ensuring that committed assessments are
    delivered on schedule.
  • Technical fluency; comfortable understanding and discussing technology
    concepts, experience evaluating trade-offs and new opportunities with technical
    team members