VMock - Manager - Information Security & Compliance (5-12 yrs)

Information Security and Compliance Manager

We are seeking a skilled and motivated Information Security and Compliance Manager to join our dynamic and talented team and help us achieve our company's data security and compliance objectives. This unique opportunity is perfect for individuals that want to build on their cyber security experience, are passionate about compliance, and want to make an impact in the company. This includes developing, implementing, and maintaining an information security program that meets or exceeds the requirements of industry regulations, standards, policies, and legal requirements. You will collaborate with cross-functional teams to implement and maintain data privacy best practices, drive continuous improvement in our data protection measures, and contribute to the overall security posture of the organization.

Responsibilities:

- Develop, implement, and maintain the company's information security compliance program.

- Direct and oversee the assessment, selection, implementation, and maintenance of information security tools and technologies.

- Enforces information security controls and investigates/responds to information security incidents. Conduct regular security assessments to identify and mitigate risks. Participate in the development and execution of data breach and incident response plans, including timely reporting to relevant authorities.

- Liaise with external auditors and regulators to ensure compliance with GDPR, CCPA, TXRAMP and other relevant certifications/audits. Participate in business continuity planning (BCP) activities when required by regulation or senior leadership.

- Stay up-to-date on changes to laws, regulations, and industry standards. Monitor and assess the effectiveness of current measures, identifying areas for improvement and implementing necessary changes.

- Work with other departments to ensure that security is incorporated into all aspects of the business. Evaluate and manage data privacy risks associated with third-party vendors and partners, including conducting privacy assessments and due diligence.

- Maintain accurate and up-to-date records related to data privacy activities, including policies, procedures, assessments, and incident reports. Prepare reports, business cases, and presentations on security risk, controls, the status of compliance efforts, etc.

- Train employees and stakeholders on security best practices. Develop and deliver data privacy training programs, promoting a culture of privacy awareness and responsibility.

Qualifications:

- Bachelor's degree in Computer Science, Information Security, or a related field. Master's degree is a plus.

- Professional Certification in information security or compliance (CISSP, CISM, CISP)

- Strong understanding of at least one major regulatory framework including GDPR, CCPA, etc.

- Thorough knowledge of information security and compliance concepts.

- Excellent communication skills, both written and verbal, with the ability to convey complex technical concepts to non-technical stakeholders.

- Working knowledge of industry-leading information security tools and technologies

- Strong analytical and problem-solving skills.

- Experience collaborating with cross-functional teams and third-party vendors.

- Experience with data breach response and incident management.

- Interest in emerging technologies related to information security and compliance

- Knowledge of software development practices and security principles is a plus.