Come work for a SaaS company that is a leader in the automotive repair industry and has the stability that only a 100+-year-old company can offer.
We are Mitchell 1, a division of Snap-on Inc. For over 100 years, Mitchell 1 has been a leader in providing information solutions that simplify everyday tasks for automotive professionals — helping make their jobs easier. Through the years, Mitchell 1’s products have evolved to keep pace with the industry and technological advances.
We are looking for an IT Security and Compliance Manager. This is a hands-on leadership role in Mitchell 1’s information technology and cybersecurity compliance program.
Under the direction of the Director of Information Technology, the IT Security and Compliance Manager will be a process owner and central point of contact, internally and externally, for IT compliance, controls, and reporting.
Responsibilities:
- Assures that information security compliance activities support business objectives and are consistent with regulatory standards, security framework best practices, and adhere to enterprise policies and internal controls
- Provides risk guidance for IT projects, including evaluating and recommending technical controls
- Functions as the primary contact for internal and external inquiries regarding data security and compliance, and performs and delegates work accordingly
- Establishes and maintains inquiry process flow and documentation
- Coordinates operational compliance reviews with internal and external auditors and IT subject matter experts to ensure the accuracy of questionnaire and audit responses
- Creates, tracks, and maintains internal repositories and reports regarding compliance reviews, inquiries, responses, and evidentiary demonstration of compliance. Reports compliance gaps and tracks remediation activities
- Performs, maintains, and produces self-assessment reports for SOC 2 Type 2, NIST Cybersecurity Framework, and ISO 27001, and engages with internal and external parties for attestation and certification
- Responsible for aspects of the DR/BC program, including ensuring data replication, backup, and off-site storage policies meet organizational RTO/RPO requirements. This includes establishing, continuously improving, and reviewing DR/BC playbooks
Requirements:
- Must have extensive knowledge of IT Governance and IT Risk Management frameworks and concepts
- Extensive experience and knowledge of regulations and/or contractual obligations, including TISAX, SOC 2 Type 2, NIST Cybersecurity Framework, ISO 27001, PCI, and Sarbanes-Oxley
- Experience implementing, achieving, and operationally maintaining SOC 2 Type 2, and ISO 27001 compliance
- Must have strong oral and written communication skills
- Strong interpersonal and collaboration skills working in a team-oriented environment
Education/Certifications:
- Bachelor's degree in Cybersecurity or Computer Information Science
- Must have Certified Information Systems Security Professional (CISSP) and ISO/IEC 27001 Implementer security management certifications. Other network, security, and systems/network certifications are highly desired.
Experience:
- 5 years of cybersecurity experience directly related to the responsibilities and requirements listed.
- Prior experience in a senior Information Technology Systems or Network Engineering role
- Prior experience managing a small team