Technology Compliance Program Manager - Vulnerability Management

About The Position

Requirements

• 7 years of experience in IT Security and Compliance, or related area.
• Bachelor's degree in Information Security, Information Technology, Computer Science or related field, or an additional two years of relevant training/experience in lieu of this degree.
• Experience in project management, including all elements of scope, schedule, budgeting, risk evaluation, quality, integration, staffing, and communications.
• Knowledge of security regulations (e.g. Sarbanes-Oxley, Payment Card Industry Data Security Specification [PCI DSS], Health Insurance Portability and Accountability Act [HIPAA]) and standards (e.g. ISO 27001, NIST SP800-series).
• Excellent clear and concise verbal and written communication skills.
• High school diploma or equivalent.
• Minimum age of 18.
• Must be authorized to work in the U.S.

Nice To Haves

• Industry certification in security (e.g. CISA, CISSP, and/or GIAC).
• Industry certification in project management (e.g. PMP).
• 2 years experience leading people.
• Demonstrated knowledge and experience in information security, software development and/or network security for large organizations.
• Detailed technical knowledge in security engineering, system and network security, authentication and security protocols.

Responsibilities

• Ensure the vulnerability management program aligns with regulatory requirements (e.g., PCI-DSS, HIPAA, NIST, ISO 27001) and integrate with other security tools such as SIEM, CMDB, and ticketing systems.
• Define long-term strategy for developing, implementing, and continuously improving the enterprise vulnerability management strategy and roadmap.
• Influence across company and several levels up to execute on IT assessments focusing on compliance with information security policy, procedures and standards.
• Manage and optimize vulnerability management tools (e.g., Tenable, Qualys, Rapid7, etc.) to continuously improve the internal audit and risk management review.
• Consult Alaska Air Group divisions, IT departments and project resources regarding the development, management approval, and implementation of objectives, goals, policies, standards, guidelines, and other requirement statements needed to support information security compliance throughout the company.
• Serve as the primary point of contact between penetration testers and internal stakeholders, ensuring clear scope definition, rules of engagement, and minimal business disruption.
• Define and track key performance indicators (KPIs) and metrics to measure program effectiveness.
• Analyze and track findings, validate results, and work with relevant teams to prioritize and remediate identified vulnerabilities.
• Manage execution of timely delivery of reports to leadership and stakeholders, maintain documentation, and integrate findings into the broader vulnerability management lifecycle.
• Oversee regular vulnerability scanning and assessments across infrastructure, applications, and cloud environments.
• Facilitate, schedule, and coordinate internal and third-party penetration tests across applications, networks, and cloud environments.
• Maintain documentation and evidence for audits and compliance reviews.

Benefits

• Free stand-by travel privileges on Alaska Airlines, Hawaiian Airlines & Horizon Air.
• Comprehensive well-being programs including medical, dental and vision benefits.
• Generous 401k match program.
• Quarterly and annual bonus plans.
• Generous holiday and paid time off.