Location: REMOTE
Description:
Company: Top technology corp
Position: Compliance Lead/Manager
Location: 100% Remote
Note from the Manager:
I am looking for candidates that have hands-on, end to end PCI/SOC2 leading experience. Experience with customer engagements, or RFPs or Security questionnaires is a value add. Any technical experience working with the tools in the security ecosystem is a value add. Past experience with larger organizations and banks leading PCI/SOC2 experience is nice to have.
Job Description
Position: Manager, Security and Compliance
Oversee Security and Compliance for the business unit, for a SaaS Online Booking Tool (OBT) for business travel. Develop a multiyear
roadmap and manage execution against it.
Hands-on keyboard manager with experience wearing a lot of hats.
Experience leading security for a business unit or division as part of a larger enterprise is a plus.
Experience with an understanding of business risk appetite and tolerance.
Experience engaging stakeholders to gain support for initiatives.
Travel industry experience is a plus.
SaaS experience is a plus.
Experience managing and working with teammates across multiple time zones and continents is a plus.
Develop and maintain strategy for SOC 2 Type 2 and PCI-DSS attestations. Work with audit support contractors to plan and execute
audits.
Experience with PCI-DSS as a Service Provider.
Experience with PCI-DSS 4 is a plus.
Experience with SOC 2 Type 2 audits.
Work with the Chief Privacy Officer to maintain the business's data privacy program.
Experience with GDPR, CCPA/CPRA is a plus.
Experience leading privacy for a multinational SaaS product is a plus.
Lead product security efforts. Develop product security / SDLC strategy that includes SAST, DAST, and OSS scanning.
Experience with SAST, DAST, and OSS scanning.
Experience with Fortify On-Demand and Nexus IQ is a plus.
Experience with SDLC for security and integration with CI/CD pipelines is a plus.
Experience with container security management is a plus.
Lead vulnerability management program.
Experience with industry-standard vulnerability tools.
Experience in evaluating vulnerabilities in a Linux environment.
Experience developing metrics and tracking remediation.
Experience with Qualys suite is a plus.
Lead Incident Response process in collaboration with the NOC team.
Experience with structuring Incident Response process
Experience with Splunk is a plus.
Experience with Crowdstrike is a plus.
Lead Third-Party Risk Management program.
Experience with vendor assessments for SOC 2 and PCI.
Experience with GDPR sub-processor and controller transfer requirements.
Lead with RFP responses and customer engagement.
Experience with contract review.
Experience engaging customer security teams.
Experience with Responsive is a plus.
Experience creating customer white papers is a plus
This job and many more are available through The Judge Group. Find us on the web at www.judge.com
Get Hired Faster
Subscribe to job alerts and upload your resume!
*By registering with our site, you agree to our
Terms and Privacy Policy.
Share diversity job
Manager, Security and Compliance is posted on all sites within our Diversity Job Network.
