Security Compliance Manager

Level Access
Summary
Join Level Access as their Compliance Manager and ensure the organization maintains adherence to legal standards, compliance frameworks, and internal policies related to information security and data protection. Support FedRAMP Authorization, SOC 2 and ISO 27001 compliance, cyber insurance and contractual security requirements, and privacy compliance. Provide support for second-party audits and help monitor and maintain acceptable risk levels. This role involves implementing and monitoring compliance activities, establishing compliance metrics and reporting, coordinating third-party audits, conducting internal audits, and performing vendor security vetting. The position requires collaboration with cross-functional teams and managing various projects to mitigate risk and enhance compliance. This is a full-time salaried position offering a competitive benefits package.
Requirements
- Bachelor's degree in a business or technical field and three to five years of experience, or equivalent work experience of four to six years
- Familiarity with security or compliance standards such as ISO 27001, AICPA SOC 2 or ISO 9001
- Exposure to technical disciplines such as ITSM, software development, infrastructure or computer networks
- Keen proponent of formal business processes, with a bias towards automation
- Analytical and problem-solving skills, with the ability to prioritize and handle various tasks in a fast-paced environment
- Good communication and interpersonal skills, with the desire to work collaboratively
- Attention to detail and a proactive approach to identifying and mitigating risk
Responsibilities
- Implement and monitor regular compliance activities, ensure corrective actions are implemented in a timely manner, and work with cross-functional teams to maintain compliance with established controls
- Establish and maintain vulnerability and compliance metrics and reporting mechanisms utilizing automation and tools to streamline compliance processes and ensure timely and accurate reporting
- Coordinate and lead customer and third-party audits to ensure compliance with ISO 27001, SOC 2, and other applicable standards and regulations, acting as the primary point of contact for auditors and facilitating the audit process
- Run the internal audit program to validate key controls and support external compliance objectives
- Coordinate annual verification activities such as external assessments, business continuity testing, and business impact analysis to validate key controls and identify deficiencies
- Perform security and privacy vetting of proposed and incumbent vendors to manage risks arising from supplier relationships
- Oversee tactical projects to mitigate risk, enhance compliance, facilitate business operations, or enhance efficiency
- Develop and retain control documentation and other documentation to facilitate compliance and communicate requirements
Preferred Qualifications
- Interest or prior experience within information security and data privacy
- Security certifications and/or formal education
- Understanding of web accessibility
Benefits
- Medical insurance
- Unlimited vacation/FTO