Staff Security Risk and Compliance Program Manager

About The Position

Requirements

• 8+ years of experience in GRC, with a significant portion of that time focused specifically on compliance and regulatory matters.
• Strong understanding of compliance frameworks such as NIST, ISO 27001, SOC, PCI DSS, HITRUST, CSA Star, etc.
• Experience with public sector compliance and international compliance frameworks (i.e. FedRAMP, CMMC, IRAP, Cyber Essential, C5, etc) is a strong plus.
• Strong knowledge of and experience in all facets of integrated security governance, risk, and compliance management.
• Strong security engineering fundamentals background in infrastructure security controls in GCP, AWS, Azure, and/or web application security.
• Experience with implementing, operationalizing and maintaining GRC platforms.
• Strong project management and organizational skills.
• Experience in running long-term, complex security programs that deliver iterative improvements and risk reduction.
• Excellent written and verbal communication skills.
• The ability to influence and lead without direct authority.
• Detail-oriented with a strong analytical mindset.
• Current Security CISSP, CRISC, CISM or equivalent certification completed or currently in progress is a plus.

Responsibilities

• Develop, implement, and maintain Confluent's compliance program, policies, and procedures.
• Act as the primary owner of compliance initiatives, ensuring they are well-defined and executed on time.
• Stay up-to-date with relevant security regulations, standards and industry best practices.
• Translate regulatory requirements into actionable controls and processes.
• Act as a key point of contact for external auditors.
• Conduct compliance readiness assessments when there is a need to adopt a new framework.
• Identify compliance gaps and develop mitigation strategies.
• Implement and operationalize a common control framework.
• Assess control effectiveness regularly and identify areas for improvement.
• Create and manage company-wide policies related to trust & security.
• Develop and deliver training and awareness programs to educate employees on their compliance responsibilities.
• Plan and execute internal and external compliance audits.
• Manage audits and oversee the collection of evidence.
• Prepare and present regular reports to senior leadership on the status of the compliance program, identified risks, and remediation efforts.
• Partner with Legal, Engineering, Product, IT, and other business functions to ensure compliance requirements are built into new products, systems, and processes from the start.
• Drive a culture of continuous improvement, regularly reviewing and enhancing the compliance program to address evolving risks and regulatory changes.

Benefits

• Equal opportunity workplace.
• Belonging as a baseline, not a perk.
• Work across time zones and backgrounds.