Security and Compliance Lead

at Flexspring

Lévis, QC, Canada

Start Date: Immediate
Expiry Date: 18 Apr, 2025
Salary: Not Specified
Posted On: 19 Jan, 2025
Experience: N/A
Skills: Risk, Security, CISA, Information Security, Communication Skills
Telecommute: No
Sponsor Visa: No

Description:

REQUIRED SKILLS AND ATTRIBUTES:

  • Knowledge and understanding of SOC 2, GDPR, and ISO27001;
  • 5 or more years of experience in a Compliance, Security, or related domain;
  • Good understanding of Governance, Risk and Compliance (GRC) requirements for organizations;
  • Hold current or past CISA, CompTIA Security+ certification or equivalent experience;
  • Demonstrate initiative and ability to drive results with little oversight;
  • Broad technical knowledge of information security and compliance principles and processes;
  • Possesses the relational skills necessary to work effectively in a large corporate environment;
  • Must be able to communicate and facilitate meetings with technical and non-technical leaders;
  • Must demonstrate strong written and verbal communication skills and consistent follow-through in all efforts;
  • Experience in piloting an information security compliance audit either as an auditor or an auditee.

Responsibilities:

  • Manage compliance activities and lead scheduled audits (SOC 2, GDPR, ISO27001);
  • Ensure that internal systems are compliant with the laws and regulations of different jurisdictions (USA, EU, Canada, UK, etc.);
  • Review and approve client contracts and DPAs;
  • Respond to current and prospective client inquiries and questionnaires pertaining to security, privacy, and compliance;
  • Review and escalate security alerts and notifications from Elastic, Google Workspace, and AWS Security Hub to the IT Operations team;
  • Oversee Vulnerability Management and Penetration Testing remediation efforts;
  • Create and conduct the annual Security Awareness Training for all staff;
  • Assist in the development and maintenance of security policies, plans, and procedures to meet regulations and industry best practices;
  • Assist with the enforcement of policy guidelines;
  • Collaborate with the IT Operations team to monitor, manage and resolve existing compliance and security issues;
  • Work on special IT projects as a project manager/coordinator.


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Other

Graduate

Proficient

1

Lévis, QC, Canada