Manager of Security Governance, Risk and Compliance

About the position

At Asurint, we're building a leading information-based technology company in Cleveland, Ohio. Asurint is on a mission to help our customers succeed by bringing innovation, flexibility and personal ownership to background screening - all while addressing the changing regulatory landscape. We measure our efforts by the success our customers enjoy and the positive onboarding experience of their employees. We are succeeding because they succeed. The Manager, Security Governance Risk and Compliance is responsible for partnering with all departments and/or individuals throughout the company to help drive continuous risk management and compliance improvement. This individual is also responsible for the management of the risk and compliance program and the overall governance and compliance per contractual, regulatory, industry, and legal requirements and regulations that apply to Asurint.

Responsibilities

• Leads security professionals by providing direction, coaching, training, and development to the security team and manages the team's performance to organizational goals and expectations.
• Designs, enhances, manages, and oversees the implementation of the overall Security GRC program.
• Leads the customer security compliance function and interfaces with customers to ensure Asurint meets regulatory and contractual obligations as well as customer expectations.
• Develops and maintains the governance and compliance models regarding multiple regulatory and contractual requirements and obligations applicable to Asurint.
• Manages and leads the SOC2 program within Asurint as well as liaisons with legal, finance, and other departments to ensure security and IT controls are implemented, effective, repeatable and continuously improved upon throughout Asurint.
• Recommends and oversees the implementation of secure and compliant solutions to meet current and future government and industry requirements.
• Develops, tracks and manages the overall security risk program to ensure risks to Asurint are known, understood, mitigated and/or managed.
• Manages vendors and outside service providers effectively; sets expectations and holds them accountable.
• Provides support to ensure internal controls and processes are implemented and documented to provide compliance with regulatory and certification obligations.
• Conducts independent internal audits and escalates findings and concerns as appropriate.
• Partners with all internal business units to improve risk and governance processes, facilitate issue resolution, and to improve the overall risk posture of the company.
• Other duties as required.

Requirements

• Experience leading at the functional level is preferred.
• Experience with multiple regulatory requirements including PCI-DSS, SOX, FCRA, GLBA, etc. is required.
• Strong project management and/or continuous improvement skills are required.
• Experience with information systems or technology audit frameworks is required.
• Experience with the various security solutions and systems is preferred.
• Prior customer experience dealing with regulations and compliance aspects is required.
• Prior project management experience handling large and complex engagements and offerings is required.
• Experience with the legal/court system as well as background screening is preferred.
• Proficiency in MS Office (Outlook, Excel, Word) or similar software is required.
• Relevant business management systems such as general ledger, HRIS, CRM, etc. is required.
• Education: Bachelor's degree in computer science, information technology, information security, or a related field is required.
• Master's degree is preferred.
• Certifications or licensure: Certified Information Systems Auditor (CISA), Certified Fraud Examiner (CFE), Certified Information System Security Professional (CISSP) is preferred.
• If you do any work-related driving while at Asurint, a driver's license and ability to maintain a driving record that is satisfactory to the company's liability insurance carrier is required.
• Years of relevant experience in security, internal audit, risk management or related field: 7 to 10 years is required.
• Years of experience supervising employees or major projects: 2 to 4 years is preferred.

Benefits

• Medical, dental and vision effective first day of employment
• 401(k) with employer match
• Paid time off
• 10 company-paid holidays
• Employee Assistance Program
• Wellness Program
• Paid Bereavement
• Pet Bereavement
• Pet Insurance
• Volunteer time off
• Telecommuting Stipend
• Professional development programs
• Short-term disability
• Company-paid long-term disability
• Company-paid life insurance
• Flexible spending/health savings accounts
• Employee referral bonus