Security Risk & Compliance Manager

AUTOMOBILE PROTECTION CORPORATION•Norcross, GA

55d

About The Position

We are seeking an experienced Security Risk & Compliance Manager to join our Enterprise Information Security team and reporting to the Director, Information Security. In this role, the Security Risk and Compliance Manager will be responsible for developing, implementing, and overseeing the risk management and compliance program against standards, policies, and compliance requirements to reduce the risk of cyber security threats and ensure compliance with SOC 2 and regulatory compliance. The candidate will work closely with IT and other teams to continually identify risk exposure and implement security controls in support of compliances, possess a strong understanding of security best practice, project management skillsets, a high level of accountability and responsibility, and the proven ability to execute and deliver.

Requirements

Must have 10+ years of IT Security experience or related field.
Must have 8+ years of risk and regulatory compliance experience.
Must have 5+ years of leading successful SOC 2 or equivalent certification.
Must demonstrate in-depth knowledge of current security best practice for application and network security.
Must be meticulous and detailed oriented with projects and outputs, including development of reports and management of work.
Understanding of network and application security best practice.
Manage risk and compliance projects/tasks issues to solution.
Outstanding project management and organizational skills to manage multiple security projects.
Must be self-motivated, analytical and possess a problem-solving outlook.
Superior attention to detail and conscientious quality of work product.
Professional demeanor with superior oral and written communication skills
Bachelor’s Degree in Information Security, or similar discipline
CISSP or CRISC certification or similar qualifications
Experienced with SOC 2 audits and FTC Safeguards Rule, CCPA, and NYCRR requirements

Nice To Haves

Additional experience with implementing security frameworks such as NIST or ISO 27001.
Familiar with security technologies such SIEM, WAF, vulnerability scanning.

Responsibilities

Manage and develop risk management and compliance programs to track and monitor risk to resolution.
Interact and collaborate across the company to assure security controls align with SOC 2 requirements and regulatory compliance.
Regularly monitor, track, and audit SOC 2 controls and other security risks to ensure compliance with requirements such as FTC Safeguards Rule, CCPA, and NYCRR.
Facilitate and ensure compliance with SOC 2 certification and regulatory compliance.
Collaborate with IT and other teams to develop and implement secure processes.
Develop and facilitate security awareness training.
Develop security policy, standard, and process documents.
Conduct security risk assessments.
Conduct regular security audits.
Develop and maintain assessment questionnaires
Stay abreast of relevant security and privacy regulations, laws, technologies, and threats.