Security Compliance Program Manager

HealthVerity, Philadelphia, PA
Posted 1 day ago | $90,000 - $130,000 | Hybrid

About The Position

We are seeking a skilled and detail-oriented Security Compliance Program Manager with a strong focus on compliance and FedRAMP (Federal Risk and Authorization Management Program) to join HealthVerity’s Security team. In this role, you will be responsible for ensuring that our organization’s information systems meet the security and compliance requirements mandated by FedRAMP, HIPAA, and other relevant healthcare industry regulations. You will work closely with members of the Security team and with cross-functional teams to implement security controls using a risk-based, cost-effective approach, and to monitor and regularly assess those controls.

Requirements

  • You make security a priority in everything you do.
  • You enjoy leading with empathy and simplifying security for non-security audiences.
  • You have strong communication, interpersonal, and leadership skills.
  • You have a good understanding of HIPAA, NIST 800-53 and/or other security compliance frameworks.
  • You have experience leading portions of information security audits.
  • You keep abreast of current security trends and threats, and can explain them simply to a non-security audience.
  • You have experience with cloud security architectures and best practices for AWS (or equivalent for GCP/Azure).
  • You have experience with scripts (Shell, Python) and you prefer the use of automation for gathering evidence.
  • 3-5 years of information security experience with a focus on compliance, including FedRAMP, NIST 800-53, HIPAA, SOC 2, and ISO 27001.

Nice To Haves

  • CISSP, CISM, AWS Certified Security or similar security certifications
  • Working knowledge of tools such as Qualys, Datadog, and AWS Security services for vulnerability management, SIEM, and scanning.
  • Working knowledge of AWS Audit Manager, AWS Artifact, Drata, or Vanta.
  • Experience with automating the gathering of evidence for information security audits.
  • Comfortable with scripting in Python and Bash.

Responsibilities

  • Develop, document, and maintain FedRAMP-specific policies, procedures, and controls.
  • Support efforts to maintain FedRAMP compliance, including the creation of System Security Plan (SSP), gathering evidence, and preparing reports.
  • Collaborate with team members to manage the continuous monitoring (ConMon) program, including internal and external reporting on vulnerabilities, tracking POA&Ms, and developing ConMon artifacts.
  • Coordinate with internal teams to develop and implement policies to meet compliance requirements.
  • Collaborate with third-party assessors to complete security assessments and audits.
  • Conduct third-party risk assessments.
  • Drive security training and phishing campaigns.
  • Conduct periodic risk assessments and audits to ensure compliance with applicable regulatory frameworks.

Benefits

  • Competitive base salary and annual bonus opportunity (for non-commissioned roles).
  • 401(k) plan and stock options.
  • Health, dental, and vision coverage start on day 1; 401(k) eligibility and stock options follow soon after.
  • Remote workdays plus 3 days a week of in-office collaboration for team members in the Philadelphia area. Check location requirements with the recruiting team.
  • Take time off as needed, targeted at 4 weeks per year, including vacation, personal, and sick time, plus paid parental leave.
  • 12 weeks of paid leave for childbearing, surrogacy, and adoption; 6 weeks for non-childbearing parents.
  • Mentorship program, departmental talks, and a library of resources available from day 1 for each new team member to minimize the stress of starting a new job.
  • Biweekly 1:1s, hands-on leadership that is goal- and growth-oriented for each team member, and an annual budget to support professional development pursuits.
© 2024 Teal Labs, Inc