Compliance

SPECIFICATION

This role will manage all Security Compliance Assurance activities for the company and will work across the organization’s functions (Product, Dev and Engineering, HR, IT, Finance, etc.) performing internal audits, product assessments or other assurance and monitoring activities to ensure control requirements are implemented and operating effectively in accordance with relevant regulations and certification or framework requirements. This role will also play a crucial role engaging with external parties, including auditors and customers as needed.

Responsibilities

• Develop and Manage an Internal risk-based prioritized Assurance (Audit) Roadmap for all applicable laws, regulations or monitoring activities
• Motivate, mentor, challenge, and inspire a cross-functional security team
• Perform planned periodic assessments/audits and testing activities against all applicable Security Compliance controls, policies, standards etc
• Run assessments, reviews, and develop reports using tools such as Rapid7, Azure Security Center, and SIEM products
• Communicate audit findings from assessments or audits to Senior Leadership and supporting teams
• Engage and collaborate very closely with the Security Compliance Engagement function on all related tasks and activities
• Work very closely with many cross-functional teams to assist with understanding control gaps and integrating control requirements (HR, Finance, Legal, others etc.)
• Engage directly with Product, Engineering, Legal and other organizational teams on audit engagements and assessments
• Perform audit testing and Security Compliance activities as needed while the team is being developed and evolved
• Manage and communicate Compliance Assurance timelines and roadmap to supporting teams and leadership
• Develop metrics and reporting to demonstrate Compliance Assurance status and progress
• Provide ongoing guidance and consultation to the organization to promote a progressive and sustainable Security Compliance Assurance program
• Work in collaboration with the CISO and CTO to develop and implement a centralized audit evidence repository and GRC tool.
• Cross-train internal resources and develop team members skills and expertise
• Integrate ongoing changes to laws, regulations and frameworks as required into daily activities
• Assist with other Security Compliance activities as required

Qualifications

• 2-4 years working experience within Data Security & Compliance
• 2-4 years of Security Compliance Audit Experience in a Management role
• 2-4 years of people management experience
• Experience auditing against NIST CFS and other security related frameworks
• Experience auditing against GDPR and other privacy related laws or regulations
• Expert understanding of NIST CFS, GDPR, ISO 27001, SOC, HIPAA regulations and framework required
• Expert understanding of Cloud controls and environments
• Expert understanding and demonstrated execution of testing and audit procedures
• Excellent problem-solving, negotiation and decision-making skills
• Successful demonstrated experience managing and working with internal cross-functional teams and product engineering groups