Remote Security Assurance Compliance Manager

Background

Accumulus Synergy is a nonprofit trade association working on behalf of industry to address the global need for digital transformation. To help solve for this need, Accumulus is developing a transformative data exchange platform to enable enhanced collaboration and efficiency between life sciences organizations and National Regulatory Authorities worldwide. The Accumulus Platform aims to improve efficiencies in the regulatory process by leveraging advanced technology, including data science and AI, as well as tools for secure data exchange to improve patient safety, help reduce the cost of innovation, and ultimately bring patients safe and effective medicines faster. Accumulus is working with key stakeholders in the life sciences - regulatory ecosystem to build and sustain a platform that aims to meet regulatory, cybersecurity, and privacy requirements spanning clinical, safety, chemistry and manufacturing, and regulatory exchanges and submissions. Accumulus Synergy sponsors include Amgen, Astellas, AstraZeneca, GSK, Johnson & Johnson, Lilly, Merck, Pfizer, Roche, Sanofi, and Takeda.

Job Description

We are seeking a skilled and experienced Security Assurance Compliance Manager to lead and manage our organization’s compliance program. Reporting to the Director of Security Assurance, this role focuses on achieving and maintaining security certifications and attestations, mitigating security risks, and developing strategies for continuous improvement. The ideal candidate will have a strong background in compliance for SaaS applications, deep knowledge of security control frameworks, and a proactive approach to managing security compliance. You will partner with key stakeholders across the business to ensure our security programs meet industry standards and regulatory requirements.

Responsibilities

• Develop and Manage the Compliance Program
• Achieve and maintain security certification and attestations
• Identify security risks through continuous control monitoring
• Partner with Risk Manager and stakeholders to mitigate risk
• Identify observations and drive remediations, adhering to strict SLAs
• Conduct audits or evaluations to verify compliance with defined standards
• Create test plans and directs security control test activities
• Maintain the Customer Assurance Package and other self-service customer security resources (Trust Center)
• Complete customer security assessments, questionnaires and other sales enablement activities
• Provide recommendations to stakeholders to design and maintain controls that map to compliance requirements
• Monitor drafts and changes to relevant laws, executive orders, directives, regulations, policies, standards and guidelines.
• Maintain standard Security Assurance Knowledge Base (SAKB)
• Maintain handbook pages, procedures and runbooks related to Security Compliance programs
• Partner with stakeholders to design, engineer, deploy, and maintain Security Assurance automation and tools (Metrics, Trust Center, SAKB, Controls, OSCAL, etc)

Qualifications

• A minimum of 5 years of experience defining and shaping compliance programs for SaaS applications in regulated markets
• Demonstrated experience with control frameworks (e.g., SOC 2, ISO, NIST, CIS, COBIT)
• Detailed knowledge of audit methodologies and standard deliverables
• Strong understanding of compliance within cloud-native technology stacks
• Experience with Vanta, continuous control monitoring and automated evidence collection.
• Preferred:
  • Experience with OSCAL
  • Experience with Terraform
  • Experience scripting evidence collection automations

Benefits

While we hope the Accumulus mission is what really attracts you, we also have a lot to offer. Organizations are built by great people, and to attract great people you need to offer a great employee experience. Accumulus can provide:

• Very competitive compensation w/ bonus plan. We must compete with big names in tech & pharma for top talent and compensate accordingly.
• 401(k) contribution, immediately vested
• A full benefits package: multiple health plans, vision, dental, life, and disability insurance
• 100% remote work. Accumulus is a fully remote organization, and we intend to remain so
• Experienced leadership to mentor you. We have drawn successful leaders from the biopharma industry with a deep understanding of regulatory affairs and combined them with similarly successful leaders in SaaS product development. Learning opportunities abound.

Unsolicited Contact Policy

Please note that we do not consider resumes submitted by unsolicited third-party recruitment firms. Additionally, we kindly request that candidates refrain from sending unsolicited resumes or making unsolicited contact directly to Accumulus employees. To be considered for any open positions, please utilize our online job application system. We appreciate your cooperation and understanding.

Important Notice: Please note that all official communication from Accumulus Synergy Inc. regarding this job application will be conducted through an email address ending in @accumulus.org. If you receive any communication from an email address that does not match this domain, please disregard it as it may not be legitimate.