Information Security Compliance Manager
Who We Are
AuditBoard is a high-growth SaaS company in the financial technology space that is transforming the way organizations manage critical risk, audit and compliance initiatives. We believe in empowering enterprises to manage and control risk so that their businesses are able to thrive.
Designed by former chief audit executives, our enterprise cloud platform is purpose-built to automate and streamline activities in ways that align with how our thousands of users think and act daily. Clients range from pre-IPO organizations to Fortune 5,000 companies, including leading organizations such as WeWork, Activision Publishing, Lions Gate Entertainment Corp., TripAdvisor, Arthur J. Gallagher & Co. and Cox Communications, among many others.
Who We Are Looking For
AuditBoard is looking for an Information Security Compliance Manager with advanced and demonstrated people management experience working with SOC 2, ISO 27001/27017/27018, PCI DSS, FedRAMP, CSA STAR, privacy frameworks such as GDPR, Privacy Shield and HIPAA, and other regulations or compliance frameworks. This role will manage all Security Compliance activities for AuditBoard and will work across the organization's functions (Engineering, DevOps, Security, Product, IT, HR, Legal, etc.) to ensure requirements are understood and controls are implemented correctly. This role will also play a crucial part in engaging with external parties, including auditors, customers and vendors as needed.
We’re based in Los Angeles, growing rapidly and looking for bright, motivated people to join us! Learn more at auditboard.com.
- Manage all Internal & External Security Compliance engagement activities
- Build and manage the programs supporting our existing and ongoing compliance control activities and initiatives
- Motivate, mentor, challenge, inspire and grow the Compliance team
- Implement and mature a Unified Control Framework supporting ISO 27001, PCI DSS, GDPR, HIPAA, SOC2, FedRAMP together with supporting policies and standards
- Work very closely with many cross-functional teams (HR, Finance, Legal and others) to communicate and integrate control requirements
- Manage a team that will engage directly with Product Engineering through all phases of product design, implementation and ongoing maintenance of Security Compliance activities
- Manage and communicate compliance requirements, timelines and roadmap to supporting teams and leadership
- Drive project activities to ensure requirements and schedules are met
- Identify and manage risks and work with project teams to identify appropriate solutions
- Manage, track and report compliance-related remediation to project teams and Management
- Maintain ongoing oversight of concurrent, company-wide programs and ongoing initiatives impacting Security Compliance
- Develop metrics and reporting to demonstrate Compliance status and engagement
- Communicate the Compliance posture and effectiveness to Management on a scheduled basis
- Work closely with the Security Compliance Assurance team on audit findings and related remediation
- Prepare and manage reviews or assessments related to Compliance
- Provide ongoing guidance and consultation to the organization to promote a progressive and sustainable Security Compliance Engagement program
- Develop and work with supporting teams to develop an automated control strategy and exception reporting process
- Develop a strategy to implement and maintain a centralized audit evidence repository to support all Security Compliance evidence gathering and maintenance activities
- Develop and implement a Customer Engagement strategy and supporting knowledgebase
- Partner with the Security Risk team to implement a GRC tool
- Cross-train internal resources and develop team members' skills and expertise
- Integrate ongoing changes to laws, regulations and frameworks as required into daily activities
- Assist with other Security Compliance activities as required
- 7-9 years working experience within Data Security & Compliance
- 5 years of Data Compliance Management experience that includes managing people (direct people management)
- BS or MS in computer science or related field
- Expert understanding of PCI DSS, GDPR, ISO 27001, SOC and HIPAA regulations and frameworks; FedRAMP would be a plus
- Expert understanding of Cloud Controls and environments
- Strong understanding of common compliance frameworks such as COBIT, COSO, ISO 27K, HITRUST and industry recognized guidance such as NIST
- A strong foundation in IT solutions development and deployment
- Practical understanding of IT Security Compliance, risk management and information security principles, including access control, network security, information security architecture, information security operations, and leading practices and associated tools in a cloud environment (AWS)
- Strong analytical, diagnostic, critical thinking and project management skills
- Excellent problem-solving, negotiation and decision-making skills
- Superb ability to represent data in graphical form
- Excellent written and oral communication skills
- Strong engagement skills (internal and external)
- Demonstrated experience managing Compliance activities as part of a company (not just in a consulting capacity)
- Experience implementing a common/unified control framework
- Successful demonstrated experience managing and working with auditors
- Successful demonstrated experience managing and working with internal cross-functional teams and product engineering groups
- Successful demonstrated experience communicating and reporting to Senior leadership
Why You’ll Love Life at AuditBoard
- You’ll be launching a career at a well-funded, hyper-growth SaaS tech company
- Free daily catered lunches
- Stock options
- Unlimited snacks and beverages
- Free gym membership
- Medical, dental, and vision coverage for full-time employees
- 3 weeks of Paid Time Off and 10 holidays per year
- 401k to save for your future
- Fun company and team outings: work hard, play hard!