Manager Security Compliance

CardWorks - South Jordan, UT
$128,490 - $142,767 - Hybrid

About The Position

Join our team - and take the next step in achieving a fulfilling career!

What We Do

At CardWorks, we aim to help people connect with possibility and opportunity using our financial servicing expertise. Building meaningful, long-term relationships with consumers, our employees, and our clients is what matters most.

Who We Are

CardWorks, Inc. is a diversified consumer finance service provider and parent company of CardWorks Servicing, LLC, Merrick Bank and Carson Smithfield, LLC. CardWorks Servicing, LLC provides end-to-end operational servicing functions for credit cards, secured cards, and installment loans. We service consumer and small business loans across the credit spectrum and offer backup servicing and due diligence services to capital providers and trustees. Merrick Bank is an FDIC-insured Utah Industrial Loan Bank. Merrick operates three main business lines: credit cards, recreational lending, and merchant services. Carson Smithfield, LLC provides a variety of post-charge-off debt recovery services, including digital self-service, IVR, live agent, and external agency management.

Position Summary:

The Security Compliance Manager is an individual contributor responsible for operationalizing, executing, and maturing the enterprise security compliance program. This role reports to the Director of Security Risk & Compliance and ensures that the organization’s security compliance strategy is translated into effective operational processes, assessments, and workflows. Core responsibilities include managing compliance operations, executing assessments, reviewing controls, supporting audit readiness, coordinating documentation and evidence, and ensuring accuracy and consistency across compliance systems and reporting.

Requirements

  • 8+ years of experience in information security, risk management, compliance, or related disciplines.
  • Bachelor’s degree in IT or related field preferred or equivalent work experience in lieu of degree.
  • Working knowledge of security frameworks such as Cyber Risk Institute, NIST CSF, CIS Controls, and PCI DSS along with experience applying these and other industry-specific regulations to projects and infrastructure.
  • Experience in collaborating across diverse teams, including IT, business units, and external stakeholders, to address security requirements and align with project objectives.
  • Strong understanding of security risk assessment methodologies, controls implementation, and process optimization, with a track record of successfully mitigating risks and enhancing security practices.
  • Strong working knowledge of major security frameworks and regulatory requirements, including CRI, NIST CSF, PCI DSS, and CIS Controls, with experience aligning compliance platforms to support assessments and evidence management.
  • Skilled in optimizing compliance workflows, dashboards, templates, and reporting to enhance operational efficiency and audit readiness.
  • Proficient with core security technologies such as vulnerability management, encryption, and identity and access management.
  • Strong analytical and communication skills, able to identify trends, explain complex technical and regulatory concepts, and support cross‑functional collaboration.
  • Highly organized, detail‑oriented, and capable of managing multiple priorities while improving processes, automation, and program scalability.

Responsibilities

Compliance Program Execution

  • Execute and continuously improve enterprise security compliance processes and assessments, supporting the strategic direction established by the Manager.
  • Operate and maintain the security compliance technology platform, ensuring assessments, evidence collection, and issue tracking are completed accurately and on schedule.
  • Coordinate compliance assessment activities and ensure required documentation is complete and aligned with standards.
  • Create, manage, and maintain standardized templates, procedures, workflows, and reporting to support consistent compliance operations.

Security Exception Management

  • Execute detailed assessments of security exception requests, documenting risks, mitigating controls, approvals, and expiration tracking, in accordance with governance defined by the Director.
  • Track exception approvals, expirations, and remediation requirements, ensuring timely reminders, escalations, and accuracy of exception data.

Security Issue Escalation & Tracking

  • Manage execution of the Security Compliance Finding and Issue Escalation process, ensuring control gaps and audit findings are documented, monitored, and remediated on schedule.
  • Maintain and operationalize workflow steps aligned to governance requirements defined by the Director, ensuring appropriate escalation of overdue or high‑risk issues.
  • Align information security issue tracking with Enterprise Risk Management processes and escalate high‑risk issues through established governance forums.

Documentation Governance

  • Oversee the Information Security documentation governance program, ensuring policies, standards, procedures, and guidelines are accurate, current, and aligned with regulatory, customer, and internal control requirements.
  • Implement and maintain the documentation lifecycle processes, including drafting, review, approval, publication, version control, retention, and retirement.
  • Coordinate updates to documentation to ensure alignment with applicable frameworks such as CRI, NIST CSF, PCI DSS, and CIS 18, reflecting changes in technology, controls, and risk posture.
  • Track documentation quality, exceptions, gaps, and remediation activities; prepare reports and metrics to support leadership visibility and compliance oversight.
  • Partner with security, risk, IT, and compliance stakeholders to ensure documentation supports audits, assessments, and ongoing control operation.

Benefits

  • Competitive Pay, including a Bonus Target or Variable Pay Incentive Program
  • Benefits Package - Medical, Dental, and Vision (plus much more)
  • 401(k) Plan with Company Match
  • Short- & Long-Term Disability
  • Wellness Programs
  • Group Life and AD&D Insurance
  • Paid Vacation, Sick Days and Bank Holidays
  • Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition
© 2024 Teal Labs, Inc