Posted in Other about 2 hours ago.
Location: REMOTE
Description:
Company: Top technology corp
Position: Compliance Lead/Manager
Location: 100% Remote
Note from the Manager:
I am looking for candidates that have hands-on, end to end PCI/SOC2 leading experience. Experience with customer engagements, or RFPs or Security questionnaires is a value add. Any technical experience working with the tools in the security ecosystem is a value add. Past experience with larger organizations and banks leading PCI/SOC2 experience is nice to have.
Job Description
Position: Manager, Security and Compliance
Oversee Security and Compliance for the business unit, for a SaaS Online Booking Tool (OBT) for business travel. Develop a multiyear roadmap and manage execution against it.
Hands-on keyboard manager with experience wearing a lot of hats.
Experience leading security for a business unit or division as part of a larger enterprise is a plus.
Experience with an understanding of business risk appetite and tolerance.
Experience engaging stakeholders to gain support for initiatives.
Travel industry experience is a plus.
SaaS experience is a plus.
Experience managing and working with teammates across multiple time zones and continents is a plus.
Develop and maintain strategy for SOC 2 Type 2 and PCI-DSS attestations. Work with audit support contractors to plan and execute audits.
Experience with PCI-DSS as a Service Provider.
Experience with PCI-DSS 4 is a plus.
Experience with SOC 2 Type 2 audits.
Work with the Chief Privacy Officer to maintain the business's data privacy program.
Experience with GDPR, CCPA/CPRA is a plus.
Experience leading privacy for a multinational SaaS product is a plus.
Lead product security efforts. Develop product security / SDLC strategy that includes SAST, DAST, and OSS scanning.
Experience with SAST, DAST, and OSS scanning.
Experience with Fortify On-Demand and Nexus IQ is a plus.
Experience with SDLC for security and integration with CI/CD pipelines is a plus.
Experience with container security management is a plus.
Lead vulnerability management program.
Experience with industry-standard vulnerability tools.
Experience in evaluating vulnerabilities in a Linux environment.
Experience developing metrics and tracking remediation.
Experience with Qualys suite is a plus.
Lead Incident Response process in collaboration with the NOC team.
Experience with structuring Incident Response process.
Experience with Splunk is a plus.
Experience with Crowdstrike is a plus.
Lead Third-Party Risk Management program.
Experience with vendor assessments for SOC 2 and PCI.
Experience with GDPR sub-processor and controller transfer requirements.
Lead with RFP responses and customer engagement.
Experience with contract review.
Experience engaging customer security teams.
Experience with Responsive is a plus.
Experience creating customer white papers is a plus.