Director of Security and Compliance

sg360°, Wheeling, IL

About The Position

sg360° partners with Fortune 1000 brands to pursue unmatched direct marketing performance. We leave no stone unturned in our efforts to drive smarter targeting, stronger messaging and improved ROI. Everything we do - audience analytics, strategic planning, creative development, production and distribution - we do in the pursuit of performance.

When you join us, you gain access to a comprehensive benefits package, including paid time off, holiday pay, health, dental, and vision insurance, life insurance, an education assistance program, short- and long-term disability, wellness resources, identity theft protection, and a 401k with employer match. Be part of a legacy of excellence and growth with sg360°!

Our company is seeking a Director of IT Security and Compliance to ensure sg360°’s information technology systems are secure, compliant with relevant regulations and standards, and protected from cyber threats and breaches. The Director will also ensure sg360° follows all the security and compliance standards laid out by the SOC 2 Type 2, HITRUST and NIST frameworks.

Requirements

  • 3-5 years of specific job experience as an IT security and compliance manager/director, including a solid background in information security practices and experience with regulatory compliance frameworks such as SOC 2, HITRUST, NIST, and ISO 27001.
  • Familiarity with risk management methodologies, and hands-on experience with security technologies and audits.
  • Experience in leading security assessments, managing incident response activities, and developing security policies and procedures is highly valued.
  • Communication skills for conducting and leading audit-related activities with clients and, with audit partners, the company’s internal framework compliance audits. Knowledge of organizational risk strategies, and the technical skills to follow the ever-evolving cybersecurity tools industry and to understand the implementation of security requirements such as encryption and network security.
  • Leadership qualities and presentation skills to help bring the company’s security and compliance risks to the attention of executives.
  • Minimum requirement of a bachelor’s degree.

Nice To Haves

  • CIM, CISSA, CISP, or CRISC: any one of these certifications is preferred.

Responsibilities

  • SOC 2 Type II, HITRUST, NIST, CSAT: enforce and ensure security and compliance requirements.
  • Perform client assessments and complete IT security questionnaires; conduct in-person and remote IT and compliance audits.
  • Remediate findings from penetration tests, vulnerability assessments, and client audits on a periodic basis.
  • Review the company’s policies and procedures on an annual basis.
  • Conduct periodic phishing campaigns and security awareness training, provide additional training to those who fail, and compile reports on the company’s security awareness posture based on the campaigns and training.
  • Prepare and project all of the company’s security- and compliance-related risks so they can be presented to the executives/board.
  • Assign tasks to direct reports for tool deployments or other technical tasks.
  • Assess the security posture of the company by conducting external party audits; assess AWS security and conduct periodic audits of the company’s AWS environment.
  • Budgeting and resource allocation: Managing the budget for IT security, including the purchase of security technologies.
  • Stay updated on security trends and regulations: Keeping abreast of the latest cyber security threats, trends, and emerging technologies, as well as changes in laws and regulations affecting cyber security.
  • Vendor and third-party risk management: Assessing and managing the risks associated with third-party vendors and service providers, especially those who have access to the organization’s data or IT systems.
  • Managing security technologies: Overseeing the deployment and maintenance of security tools such as firewalls, anti-virus software, and intrusion detection systems to protect against threats.
  • Regularly evaluating the organization’s IT infrastructure.
  • Conducting system recovery testing, backup testing, and RTO-RPO testing for business continuity.
  • Providing strategic advice to senior management on security threats, risk management, and the impact of regulatory changes on the organization’s IT infrastructure and business operations.
  • Evaluate the company’s IT posture against competitors and ensure the security infrastructure is strengthened accordingly.
  • Incident response: develop strategy to address different types of security-related incidents to ensure response time is reduced to keep up with business requirements.
  • Design and implement guidelines that align with business objectives and regulatory requirements.
  • Preparing for audits, addressing compliance gaps, and maintaining documentation.

Benefits

  • paid time off
  • holiday pay
  • health, dental, and vision insurance
  • life insurance
  • an education assistance program
  • short- and long-term disability
  • wellness resources
  • identity theft protection
  • 401k with employer match