Senior Security Compliance Manager

About The Position

Requirements

• Experience with Security Compliance frameworks such as ANZ IRAP, Italy ACN, UK Cyber Essentials, and AI Standards such as ISO42001 and NIST AI RMF
• Experience in supporting compliance automation
• Experience with cloud infrastructure (Azure, AWS, GCP) and SaaS technology
• Bachelor’s degree in Computer Science, Information Systems, or a related field or equivalent work experience
• 8+ years of relevant work experience in Security Compliance, Auditing, Assessments or other GRC related experience
• 2+ years of experience managing security compliance audits and/or customer audits
• Experience with the audit lifecycle, testing controls, and writing test scripts in various environments and functions
• Experience working with cross functional departments and stakeholders to provide security compliance issues, risks, and recommendations
• Industry certification such as CISSP, CISA, CISM, CRISC, ISO27001 Lead Auditor, CompTIA Security+, AWS/Azure Security, or equivalent GRC certification
• Experience reviewing compliance evidences required for audit
• Experience engaging with internal, external, and customer auditors

Nice To Haves

• Self-starter with excellent communication, collaborative, and presentation skills
• Comfortable working in a fast-paced, dynamic environment, and managing multiple projects concurrently
• Ability to coach and prepare technical teams / SMEs for audit interviews
• Strong understanding of common compliance and governance frameworks relevant for a fast-paced SaaS organization
• Strong networker and natural relationship builder with outstanding communication and influencing skills
• Executive level engagement and negotiation skills; Comfortable interacting at all levels from C-suite to technical teams
• Strong business acumen and leadership skills
• Excellent analytical and problem-solving skills and quantitative approach to solving problems
• Strong sense of ownership and goal achievement mindset
• Experience with privacy principles and the intent of privacy regulations including GDPR, CCPA, HIPAA, and HITRUST

Responsibilities

• Aanalyze the security compliance landscape continuously to identify which standards and certifications are relevant for the APAC region and translate requirements into program actions such as performing gap analysis, remediations, and controls effectiveness testing
• Lead end-to-end ANZ IRAP technical compliance with external auditors and ANZ government agencies and monitor compliance annually; This includes mapping IRAP controls to cloud-native architectures, automating evidence collection, and embedding IRAP requirements into Docusign security controls framework
• Perform security requirements mappings and develop or enhance controls to meet additional requirements; This also includes documentation of Evidence Requirements and Supplemental Guidance to support Security GRC programs and socialize to Control Owners
• Maintain technical experience and knowledge in Security Domains such as Logging and Detections, and Configuration Management, Vulnerability Management, and Network Security
• Implement the use of technical controls and/or AI across security audit, certification, and compliance activities to streamline processes such as evidence automation
• Identify automation opportunities and implement scalable solutions including technical and monitoring controls that integrate seamlessly with systems such as GRC platforms, cloud services, and various ticketing tools
• Manage and optimize security compliance audits and assessments including customer audits independently end-to-end while adhering to strict deadlines and maintaining executive level metrics and reporting
• Partner with engineering and product teams to embed compliance into the system design, architect, and operationalize technical solutions to reduce audit fatigue and streamline compliance team operations using tooling and AI
• Define and publish technical security and compliance requirements and controls guidance utilizing technology and/or AI to empower control owners and obtain actionable commitment from relevant stakeholders

Benefits

• Bonus: Sales personnel are eligible for variable incentive pay dependent on their achievement of pre-established sales goals. Non-Sales roles are eligible for a company bonus plan, which is calculated as a percentage of eligible wages and dependent on company performance.
• Stock: This role is eligible to receive Restricted Stock Units (RSUs).
• Global benefits provide options for the following:
• Paid Time Off: earned time off, as well as paid company holidays based on region
• Paid Parental Leave: take up to six months off with your child after birth, adoption or foster care placement
• Full Health Benefits Plans: options for 100% employer paid and minimum employee contribution health plans from day one of employment
• Retirement Plans: select retirement and pension programs with potential for employer contributions
• Learning and Development: options for coaching, online courses and education reimbursements
• Compassionate Care Leave: paid time off following the loss of a loved one and other life-changing events