Our Information Security & Compliance Manager position is a unique role that offers the career opportunity to lead, learn and grow in many areas. The role participates actively across all InfoSec and compliance programs and participates in decisions and advice related to business operations, technology operations, and overall risk management. Leadership and strategy are key elements of this position. It offers the opportunity to work with a strong team in a challenging environment, while delivering creative solutions across the entire organization.
The key purpose of this role is to drive behaviors and results for DataScan related to critical areas of interest for Information Security and Compliance. This is accomplished through engagement at all levels of the organization and operations. The largest volume of activities for this role will be compliance/risk related with a secondary focus on technical/development input and controls. The selected candidate must have a solid understanding of technical security controls, compliance and governance process/modeling, and ideally will have a strong technology-security architecture background.
Specific responsibilities include, but are not limited to:
- Partner with business, technical, HR, and compliance resources in support of customer-related security and compliance activities (including annual open-house and special client or vendor visits) several times per year.
- Ownership (consulting, mentoring, communications, tracking and management) of all enterprise training related to information security, risk, and compliance (e.g. threat management, ethical behavior, etc.).
- Partner with business and technical resources to plan, coordinate, execute, and report on the annual DataScan certification events (i.e. SOC1).
- Partner with IT, Business Compliance, Legal and HR representatives to ensure that all technology information security, risk and compliance controls adequately meet business compliance requirements.
- Responsible for working with Technical Engineers, Vendors, SMEs, Project Managers, and Business Analysts to provide input into technical and functional compliance requirements and plans where necessary.
- Responsible for driving compliance to JM Family-identified security frameworks and practices where applicable.
- Partner closely with Compliance Manager to evaluate and deliver client IT risk assessments and provide a strong focus to ensure the company manages, mitigates, and swiftly responds to any audit findings that require action.
- Leads the tracking and management of DataScan enterprise technology-risk, security, governance, and compliance standards related to the policies and procedural documentation.
- Track and monitor the completion of vulnerability, static and dynamic scans (penetration testing, ethical hacking, etc.).
- Coordinate threat modeling activities and provide recommendations for technology security controls (vulnerability assessments, responses, execution).
- Responsible for general DataScan awareness and education related to information security, risks, threat-management, compliance, and overall best-practices.
- Responsible for security, compliance, risk-tracking, and mitigation reporting and metrics to help guide strategic planning and decisions (verbal updates, dashboards, etc.).
- Strategic leadership and guidance related to the implementation of security measures and controls.
- Coordinate security plans with clients and external vendors.
- Ensure InfoSec compliance-related activity documentation is maintained throughout the year.
- Conduct internal and external security assessments and root cause analysis related to security events & incidents.
- Establish & facilitate risk tracking and mitigation reports/metrics to help guide InfoSec and operational needs.
- Advise and provide awareness/training in the subjects of cyber security, risk and best practices.
- Manage network, intrusion detection and prevention systems.
- Define, implement and maintain corporate security policies.
- Manage & participate in projects ensuring alignment to information security policy and standards.
- Work with Technical Engineers, Vendors, SMEs, Project Managers, and Business Analysts to provide input into technical and functional compliance requirements if necessary.
- Drive compliance with company-identified security frameworks and practices (NIST & CSA).
- Partner with the business in support of customer-related security and compliance activities including presentations to business customers several times per year.