Summary
Join Level Access as our Compliance Manager and report to the Senior Director of Information Security. You will play a key role in implementing, maintaining, and expanding FedRAMP and GovRAMP Authorizations. Responsibilities include managing the Security Awareness Program, supporting SOC 2 and ISO 27001 compliance, handling cyber insurance and contractual security requirements, and assisting with privacy compliance and second-party audits. You will also monitor and maintain acceptable risk levels. This is a full-time salaried position offering a competitive benefits package, including bonus opportunities and unlimited vacation/FTO. Salary is commensurate with experience.
Requirements
- Bachelor's degree in information security and three to five years of experience, or equivalent work experience of four to six years
- Familiarity with common security standards, preferably NIST SP 800-53b, or others such as ISO 27001 or AICPA SOC 2
- Experience working in or with a security or privacy compliance function
- Keen proponent of formal business process, with a bias towards automation
- Analytical and problem-solving skills, with the ability to prioritize and handle multiple tasks in a fast-paced environment
- Good communication and interpersonal skills, with the desire to work collaboratively
- Attention to detail and a proactive approach to identifying and mitigating risk
Responsibilities
- Implement and monitor regular compliance activities, ensure corrective actions are implemented in a timely manner, and work with cross-functional teams to maintain compliance with established controls
- Develop and maintain FedRAMP documentation and other documentation to facilitate and communicate compliance
- Conduct weekly, monthly, quarterly, and annual FedRAMP continuous monitoring activities to maintain compliance and stakeholder satisfaction
- Coordinate and lead FedRAMP annual assessments and penetration tests, facilitating the assessments, and acting as the primary point of contact for auditors
- Coordinate annual verification activities such as external assessments, business continuity testing, and business impact analysis to validate key controls and identify deficiencies
- Operate the security awareness apparatus including course design, phishing simulations, reporting and business support
- Take part in the FedRAMP on-call support roster, being available to respond to rare but possible critical security alerts
- Oversee tactical projects to mitigate risk, enhance compliance, facilitate business operations, or enhance efficiency
Preferred Qualifications
- Experience building modern SaaS applications
- Interest or prior experience within information security and data privacy
- Security certifications and/or formal education
- Understanding of web accessibility
Benefits
- Competitive benefits package
- Bonus opportunities
- Unlimited vacation/FTO