Established in 1998, IOActive is an industry leader that offers comprehensive computer security services with specializations in smart grid technologies, software assurance, and compliance. Boasting a well-rounded and diverse clientele, IOActive works with a majority of Global 500 companies including power and utility, game, hardware, retail, financial, media, travel, aerospace, healthcare, high-tech, social networking, and software development organizations.
We are seeking a dynamic and experienced security and compliance manager/analyst to join our team as the first individual to hold this position. In this role, you will be responsible for identifying and driving IOActive’s information security and compliance initiatives, with a strong emphasis on the technical facets of risk management and compliance, while also ensuring alignment with business objectives, regulatory requirements and industry standards. We are looking for an individual with an entrepreneurial, inquisitive mind, who is willing to dig in deep and blaze a path in this realm. You will have a knack for being five steps ahead of the game and a keen ability to explain security and compliance topics to internal stakeholders and clients. We are looking for someone who isn’t afraid to roll up their sleeves and work to further our mission of making the world a safer and more secure place.
Key Responsibilities:
- Build a culture of information protection, security and compliance, by developing and managing our information security strategy, and developing appropriate policies, training and resources.
- Drive compliance with all technical components of applicable legal, regulatory, and industry standards related to information security and privacy (e.g., ISO 27k, GDPR), with an immediate focus on becoming certified in ISO 27001.
- Lead risk assessment and management activities, identifying and mitigating potential security risks to the organization, and ensuring they are integrated across all departments.
- Provide front-line support for customer diligence requests, assessments, attestations, and audits.
- Audit, assess, and continually monitor IOActive’s handling of sensitive data and compliance with applicable regulations and requirements.
- Coordinate with IT and other departments to ensure effective security measures are in place and compliant with GRC requirements.
- Oversee the response to security incidents and breaches, including investigation and reporting.
- Manage relationships with external auditors and regulatory bodies for security compliance and audits.
- Provide leadership and direction to the information security team, ensuring continuous development and training.
- Be a shared resource for leadership and other departments. You will provide security and privacy guidance for company data, customer information, and systems infrastructure.
Requirements:
- 5+ years of hands-on experience in the cybersecurity industry or with technology consulting working directly on security and compliance initiatives.
- Proven experience in an information security leadership role with a strong background in GRC.
- Experience bringing organizations into compliance with ISO 27001. Experience in data protection is highly desirable.
- Proven technical skills, including familiarity or direct technical experience with identity and access management, data protection, and technical compliance standards.
- Self-starter approach with a drive to create, build, and roll out resources designed to protect the company and its customers.
- An ability to quickly learn the business’s infrastructure and guide stakeholders.
- A passion for cyber security and for staying up to date on the latest developments and trends.
- Foresight and background enabling you to contour policies and processes that are appropriate for a company at our stage and inspire rapid adoption and adherence by all teams.
- Operational specialist who can establish, maintain and document controls, supervise compliance with the controls, and update the controls when new risks emerge.
- Comprehensive knowledge of information security standards, frameworks, and regulations.
- A knack for making thoughtful, actionable recommendations and quickly building consensus with senior-level internal stakeholders.
- Experience in managing cross-functional teams and projects.
- Exemplary communication skills to ensure communications with non-technical teams and customers on technical matters are digestible and persuasive.
IOActive offers all the advantages one would expect from an industry leader including a competitive salary and comprehensive benefits package including medical, dental, and vision insurance; holiday and vacation pay; 401K; FSA; and much more.
IOActive is an equal opportunity employer. IOActive makes all decisions involving any aspect of the employment relationship without regard to race, color, sex, creed, religion, age, marital status, national origin, citizenship, the presence of any sensory, mental, or physical disability, veteran status, sexual orientation, or any other status or characteristic protected by law. Discrimination and/or harassment based on any of those factors are inconsistent with our philosophy of doing business and are prohibited. This policy of non-discrimination applies to all aspects of recruiting and employment, including compensation, benefits, promotion, transfers, and terminations. Each employee also is responsible for maintaining a non-discriminatory workplace.