Manager, Information Security & Compliance

Granicus

💵 $160k-$180k
📍 Remote - United States

Summary

Join Granicus as an Information Security Manager with CJIS compliance experience to manage criminal justice information systems, maintain CJIS compliance, and manage audits. You will manage a complex information security and compliance program encompassing various frameworks (CJIS, ISO 27001, SOC 2, PCI, FISMA, HIPAA, CyberEssentials, StateRAMP, and TxRAMP). This role involves managing compliance controls, organizational security improvements, external audits, and third-party risk. You will collaborate with cross-functional teams and lead continuous improvement reviews. The ideal candidate possesses extensive experience in information security, CJIS compliance, and managing multiple compliance frameworks. Granicus offers a competitive benefits package.

Requirements

  • 7+ years in information security, with at least 3 years managing an information security team
  • 5+ years managing CJIS compliance programs and audits
  • Demonstrated expert level knowledge and experience with CJIS policies, procedures, and compliance requirements
  • Experience managing multiple compliance frameworks, such as FedRAMP, other *RAMP programs, FISMA, CJIS, SOC 2 Type II, HIPAA, PCI, ISO 27001, CyberEssentials
  • Proven track record of managing large-scale security programs and initiatives, working with cross-functional teams
  • Experience managing third-party audits, such as FedRAMP, ISO 27001, and SOC 2, including audit planning, audit activities, and projects to build out audit runbooks
  • Experience working with a robust product set of software and cloud services, including SaaS offerings hosted in AWS, Azure and/or GCP
  • Strong understanding of cloud security controls, including network security and data protection controls
  • Familiarity with common security technologies, including SIEM, firewalls, IDS/IPS, encryption tools, and endpoint protection
  • Excellent leadership and interpersonal skills; strong communication skills, written and verbal
  • Experience working with software development and cloud operations teams at a SaaS and software company
  • Ability to communicate complex requirements and security concepts to technical and non-technical teams
  • Detail-oriented and able to manage multiple projects effectively

Responsibilities

  • Manage the CJIS program, including CJIS policies, procedures, and audits
  • Serve as the CJIS expert, providing guidance for planned product or roadmap changes that may impact the CJIS environment or program
  • Perform regular internal CJIS compliance audits and manage the external CJIS audits, including those that support customer CJIS programs or FBI audits
  • Manage overall compliance and audit program, including TxRAMP, StateRAMP, ISO 27001, SOC 2, PCI, HIPAA, FISMA, and Cyber Essentials
  • Lead and manage the security program initiatives, ensuring alignment with Granicus’ security objectives
  • Maintain and develop additional audit runbooks, documenting control implementation, evidence requirements, and internal references
  • Manage internal and external audits, including scheduling the audits, preparing internal teams for audit discussions, managing evidence requests, and tracking findings or continuous improvement recommendations
  • Drive compliance control management program improvements, including common control mapping and template creation
  • Collaborate with cross-functional teams for PCI program efficiencies across multiple products
  • Lead continuous improvement reviews for response and recovery, including incident response, backups, failover / switchover, disaster recovery, and business continuity
  • Manage the Third Party Risk Management program and partner with the Procurement working group
  • Manage review and update of CJIS policies and procedures documents
  • Support review and update cycles of other information security policies and trainings, along with other security stakeholders
  • Manage internal and external customer requests
  • Manage and grow the security answer library, customer resources, and internal FAQ
  • Maintain and create additional customer security collateral to provide pre- and post-sales customer resources
  • Other duties as assigned

Preferred Qualifications

  • Experience working in a highly regulated environment is a plus (e.g., CJIS, HIPAA, FISMA, government, finance/banking, healthcare, or FedRAMP / DoD IL)
  • Relevant degrees or security certifications are a plus, such as CISSP, SEC+, CISM, CISA, CDPSE, or equivalent

Benefits

  • Flexible Time Off
  • Medical (includes an option that is paid 100% by Granicus!), Dental & Vision Insurance
  • 401(k) plan with matching contribution
  • Paid Parental Leave
  • Employer-paid Short and Long Term Disability Insurance, Group Term Life Insurance and AD&D Insurance
  • Group legal coverage
