Security and Compliance Manager

at LotLinx Inc

Winnipeg, MB, Canada

Start Date: Immediate
Expiry Date: 18 Jun, 2024
Salary: Not Specified
Posted On: 19 Mar, 2024
Experience: 3 year(s) or above
Skills: Sponsorship, Itil, Information Technology, Schedules, Cissp, Presentations, Color, Addition, Cisa, Collaboration, It Service Management, Software Industry, Consideration
Telecommute: No
Sponsor Visa: No

Description:

Since our founding in 2012, Lotlinx has consistently pioneered advancements in the automotive landscape. We specialize in empowering automobile dealers and manufacturers by providing cutting-edge data and technology, delivering a distinct market advantage for every single vehicle transaction. Today, we stand as the foremost automotive AI and machine learning powered technology, excelling in digital marketing, risk management, and strategic inventory management.
Lotlinx provides employees with a dynamic work environment that is challenging, team-oriented, and full of passionate people. We offer great incentives to our employees, such as competitive compensation and benefits, flex time off, and career development opportunities.

JOB DESCRIPTION

Lotlinx is currently seeking an experienced Security and Compliance Manager to join our dynamic team. In this role, reporting directly to the VP of Product Operations, you will be instrumental in ensuring our adherence to legal standards and internal policies, with a specific emphasis on the convergence of software development, operations, organizational culture, and security.
This position is tailored for individuals with a comprehensive background in compliance, information security, and risk management, who are eager to instigate significant changes in a high-paced environment. As the key point of contact, you will assume responsibility for all facets of cybersecurity and compliance project management – from initiation and planning to execution and monitoring.
This newly established role at Lotlinx offers the autonomy and opportunity to develop and implement processes and frameworks, where you’ll have a lasting impact. Success in this role hinges on your ability to build trust, adapt quickly, actively learn, communicate clearly, champion efficiency, and willingly tackle formidable challenges. If you are ready to thrive in a position where you can make a substantial impact while steering your own professional trajectory, we encourage you to apply.

QUALIFICATIONS

  • Minimum 3 years of experience in a compliance and/or cybersecurity role, with a preference for those with exposure in the software industry.
  • Bachelor’s degree or equivalent in Information Technology, Cybersecurity, or a related field.
  • Possession of professional certifications related to cybersecurity, compliance, and risk management (e.g., CISM, CISSP, CISA) is considered an asset.
  • Technical and problem-solving skills in the context of IT Service Management (ITSM) or ITIL are considered an asset.
  • Ability to learn and translate technical issues into a business risk context.
  • Demonstrated proficiency in presentations and status reporting.
  • Strong administrative and organizational skills.
  • Talent to promote collaboration between stakeholders, solve problems, achieve objectives, meet schedules, improve efficiencies, exercise good judgment, and communicate clearly.
  • Proven experience in managing compliance within technology and software development environments.
  • Deep understanding of IT security principles, risk management, and product lifecycle.

Lotlinx is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

Lotlinx is not currently able to offer sponsorship for employment visa status.

Lotlinx is headquartered in Peterborough, NH and has locations in Holmdel, NJ, Manitoba, Ontario and British Columbia, Canada, in addition to a large team spanning from the US to Canada.

Our success relies heavily on our customers but also on our dedicated talent that continuously moves our platform forward. We value our employees and their abilities, and seek to foster an open, cooperative, dynamic environment where the team and company alike can thrive.

Responsibilities:

  • Regulatory Compliance Expertise: Act as a subject matter expert for cybersecurity and compliance projects, providing guidance and leadership in adherence to relevant laws and regulations in both Canada and the United States, with a focus on SOC 2.
  • Roadmap Oversight and Governance: Oversee the execution of the cybersecurity roadmap and governance framework, ensuring alignment with compliance standards like SOC 2. Provide progress updates and track changes in the organization’s cyber risk and security posture, staying abreast of laws in Canada and the United States such as the California Consumer Privacy Act (CCPA) and the Gramm-Leach-Bliley Act (GLBA).
  • Internal Audits and Risk Assessments: Conduct internal audits and risk assessments, ensuring strict adherence to compliance standards.
  • Cross-Departmental Collaboration: Collaborate with various departments to integrate compliance controls into operational processes, ensuring alignment with legal requirements.
  • Security Activities Planning and Execution: Plan and execute security activities, including cybersecurity awareness training, tabletop exercises, DR tests, penetration tests, etc.
  • Security Event Processes: Establish and execute processes for security events, ensuring timely response, investigation, containment, reporting, and continuous improvement.
  • DevOps Collaboration: Collaborate with DevOps teams to integrate automated security tools into the CI/CD pipeline.
  • Application Security Testing: Perform Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), and Software Composition Analysis (SCA).
  • Security Scan Results Review: Review security scan results, prioritize vulnerabilities using a risk-based approach, and collaborate with development teams for resolution.
  • Application Architecture Evaluation: Evaluate application architecture for security issues and flaws, addressing concerns such as network security, IAM misconfigurations, encryption, and key management.
  • IAM Effectiveness Assessment: Assess the effectiveness of Identity and Access Management (IAM) controls, access controls, and user management processes.


REQUIREMENT SUMMARY

Min: 3.0, Max: 8.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Other

Graduate

Information technology cybersecurity or a related field

Proficient

1

Winnipeg, MB, Canada