Compliance Manager

Company: ActiveCampaign
Location: Chicago, IL, USA
Salary: $120000 – $165000
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior

Requirements

  • BS in Computer Science, Information Systems, IT or equivalent experience
  • 5+ Years’ experience within an information technology/security role supporting cloud-based solutions
  • Excellent written and verbal communication skills for effective interaction with team members, customers, partners, and auditors
  • Experience with ISMS governance models (such as NIST), information security roles, and creating and implementing security controls for ISO, ITIL, NIST, PCI, and SOC
  • Strong risk management and auditing experience
  • Experience with data privacy regulations such as GDPR and Privacy Shield

Responsibilities

  • Champions and leads the ISMS program at an enterprise level, including the development and management of policies and procedures
  • Works with cross-functional team members and departments to internally audit and collect evidence for implemented security controls
  • Responsible for working with Customer Success resources to assist with information security questionnaires and RFIs for customers, partners and vendors
  • Development and maintenance of a security and compliance knowledge base, used to respond to information security questionnaires and RFIs
  • Prepares metrics on the effectiveness of the compliance programs, including implementation KPIs for initiatives
  • Leads the ISO 27001 and SOC 2 Type 2 program, working with internal and external auditors
  • Participates as a member of the Incident Response Team (IRT) to assist with oversight as it relates to the ISMS and SOC2 programs
  • Schedules and supports third party pen testing, vulnerability monitoring, security audits, and risk assessments
  • Audits and regularly evaluates company performance for compliance to information security standards
  • Leads the operational risk board and maintains the risk registry
  • Performs additional duties as required
  • Assists with the development, rollout and delivery of security awareness training
  • Works with the Procurement team to perform security related risk assessments within the supplier relationship management program
  • Works with Legal on new regulations and participates in discussions regarding new compliance needs

Preferred Qualifications

  • CISSP, CISA, CISM, CompTIA, GSEC, CEH, or a similar information security certification preferred
  • Experience defining, driving, and executing a program vision with clear milestones