Associate Director, Security & Compliance

Great Minds
Dc, DC
Remote

About The Position

Great Minds is a high-growth, mission-driven organization founded by educators in 2007, dedicated to developing high-quality, knowledge-rich math, science, and ELA curricula. Their product suite, including Eureka Math, Wit & Wisdom, PhD Science, Geodes, and Arts & Letters ELA, is widely used across the U.S. The company is evolving to offer more connected, customer-informed experiences, aiming to be a comprehensive partner for educators. The Associate Director, Security & Compliance will lead the strategy, development, and execution of the organization's security and compliance program, with a strong focus on K-12 student data privacy regulations. This leadership role involves managing a team of two security professionals and acting as the primary cross-functional liaison for security, privacy, and compliance with Legal, Product, Engineering, and IT. The ideal candidate is a collaborative leader capable of strategic planning, process development, audit management, and closing compliance gaps.

Requirements

  • 7+ years of experience in information security, compliance, or related field
  • 3+ years in a leadership or management role
  • 3+ years working in a SaaS (software-as-a-service) product environment, preferably in a security or engineering oriented role
  • 2+ years managing third-party audits and vendor security assessments
  • Demonstrated experience building or significantly maturing a compliance program
  • Proven experience with compliance frameworks such as SOC 2, NIST, ISO 27001, or similar
  • Excellent written and verbal communication skills, with the ability to translate technical risk into business terms
  • Able to effectively collaborate cross-functionally amongst engineering, product, legal, HR, and corporate IT functions
  • Familiarity with cloud security in AWS environments
  • Bachelor’s degree

Nice To Haves

  • 2+ years working with GRC tooling and/or security automation
  • Strong working knowledge of K-12 education privacy regulations (FERPA, COPPA, state student data privacy laws)
  • Master’s degree preferred

Responsibilities

  • Establish security and compliance priorities and roadmaps aligned with Digital department risk and objectives
  • Design, implement, and own a comprehensive compliance program, including policies, procedures, control frameworks, and training materials
  • Provide strategic direction for application security practices, including secure SDLC, shift-left, and penetration testing
  • Develop and track key metrics to measure program maturity and report progress to Digital leadership
  • Coordinate and manage audit activities with third-party audit partners
  • Partner with Legal to interpret regulatory requirements and translate them into actionable engineering and operational controls
  • Drive security awareness initiatives across the broader organization
  • Represent Great Minds interests in relevant industry groups or associations