Information Security Compliance Manager (INDG)

Bloomberg Industry Group, Arlington, VA

About The Position

As a Manager of Information Security Compliance, you will support Bloomberg Industry Group's Governance, Risk, and Compliance (GRC) programs. You will be part of a team that delivers customer trust, vendor risk oversight, and compliance with regulatory and industry standards. This role requires balancing hands-on expertise with enabling cross-functional teams to achieve security and privacy objectives, and serving as a key representative to clients, auditors, and regulators.

Requirements

  • Bachelor's Degree or equivalent experience; advanced degree or industry certifications (CISM, CISA, CISSP, ISO 27001 Lead Auditor/Implementer) a plus.
  • 4 years of progressive experience in a Risk Management, Compliance, Information Security, or Technology Management role.
  • Experience with common Information Security Compliance standards and frameworks (such as ISO 27001/2, PCI, SOC 1/2/3, and NIST).
  • Demonstrated security assessment, risk analysis, gap analysis, auditing, causal analysis, corrective action planning, and compliance assessment experience.
  • Strong communication and presentation skills, with the ability to influence executives and collaborate with technical teams.
  • Demonstrated success in managing customer trust initiatives, vendor risk processes, and audit readiness.
  • Ability to balance strategic program oversight with hands-on execution when necessary.

Responsibilities

  • Support ownership of the information security compliance roadmap, ensuring alignment with organizational priorities.
  • Act as a trusted advisor to senior leadership, providing insights on security risk, compliance obligations, and emerging regulations.
  • Support all security and privacy compliance efforts, including but not limited to SOC, GDPR, CCPA, and privacy by design.
  • Develop, maintain, and enforce internal information security compliance policies, standards, and controls across diverse systems and platforms.
  • Manage the vendor risk management lifecycle: onboarding, due diligence, and ongoing monitoring.
  • Interface with vendors and business leads to clearly understand their risk profile.
  • Represent Information Security in customer security assessments, RFPs, and compliance discussions.
  • Conduct investigations of data security risks and provide consultation to internal and external stakeholders to mitigate risk.
  • Develop and implement companywide information security training and awareness programs.
  • Define and drive risk management and compliance goals for the organization.
  • Participate in both internal and external audit activities; aid in compliance audits in support of ISO 27001/2, SOC, etc.
  • Collaborate with teams across the organization to ensure continued compliance with policies and security standards.
  • Monitor and assess risks related to emerging technologies such as Artificial Intelligence, data governance platforms, and cloud-native architectures.
  • Support development of AI governance policies and frameworks that align with regulatory expectations and customer trust requirements.
  • Raise organizational awareness of new and evolving security risks, and ensure controls evolve to address them.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Industry

Web Search Portals, Libraries, Archives, and Other Information Services

Education Level

Bachelor's degree
