Security Assurance and Compliance Program Manager

About The Position

Requirements

• A minimum 3 – 5 years of IT and/or Regulatory Compliance experience
• Experience with Cyber Security frameworks
• Background working with audit standards such as SOC 2
• Experience managing third-party risk assessments or security due diligence activities
• Experience writing policies, plans, or governance documentation related to information security, technology, privacy, regulations, and risk management
• Excellent communication and writing skills
• Experience with Privacy and general Compliance topics
• Knowledge and experience working with financial institutions preferred
• Project management skills

Nice To Haves

• Security Certifications like Security+, GSEC, etc. preferred
• Intellectual curiosity, with a demonstrated commitment to continuous growth
• A desire to join a growing company with a vibrant, entrepreneurial culture, dedicated to being the top provider in the class action recovery space.

Responsibilities

• Facilitate cross-functional coordination related to Information Security, Privacy, Regulations (Compliance) and IT Security risk management initiatives
• Build relationships with and communicate compliance requirements with internal stakeholders
• Monitor and investigate current and emerging compliance topics to inform strategic direction
• Act as team lead on legal, regulatory, and privacy topics in collaboration with the Information Security Team and with Finance
• Collaborate with internal stakeholders within IT Security, TechOps, Finance, and related teams to support ongoing technology and information risk management and governance activities
• Contribute to company-wide security awareness training initiatives
• Manage client and prospect third-party risk assessments, including completion and submission of IT/security, Privacy, and Regulatory due diligence questionnaires (DDQs)
• Serve as an owner for IT Security and Compliance due diligence inquiries and assessments from clients and prospects
• Monitor company policies and standards status and track revisions/updates
• Manage the technology audit (SOC 2) process
• Oversee the vendor due diligence program
• Assist with the handling of regulatory obligations in collaboration with IT Security, Finance, and Legal
• Monitor regulatory developments and assess impact to company operations, policies, and controls
• Ensure policies are aligned with regulatory expectations yet balanced to support business requirements to not be overly burdensome
• Coordinate with external counsel and advisors as needed to support regulatory requirements.
• Partner with Product Management to ensure products incorporate privacy/regulatory requirements

Benefits

• Competitive salary and bonus
• Health, dental, vision
• 401k (with company match)
• Income protection plans (life, accidental death and dismemberment, short- and long-term disability) and access to a suite of voluntary benefits
• Fun, smart, diverse colleagues
• Close to public transit (walking distance to Wellington T on Orange Line)
• Free drinks and snacks
• Free parking onsite
• Free access to onsite gym