Senior Information Security & Compliance Specialist
Remote in USA
Experience Level
Desired Skills
  • 4+ years of experience in IT and Information Security
  • Exceptional organizational and project management skills, including the ability to multi-task and lead many ongoing privacy initiatives
  • Self-motivated and thrives in a fast-paced environment
  • Proven track record of delivering on assigned responsibilities on time using interpersonal and communication skills
  • A standout teammate who builds positive relationships and collaborates across multiple functions and/or levels of a globally diverse organization, including outside service providers
  • Track record of building credibility and trust through consistent behavior, high integrity, and judgment
  • Intellectual curiosity, a dedication to professional development, an ability to learn, and an up-to-date functioning understanding of current privacy trends
  • Proven record navigating unstructured processes and simultaneously handling responsibilities with multiple, exciting demands
  • Proficiency in the foundational requirements of global data privacy laws such as the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), as well as state-specific privacy laws
  • Supporting certifications (e.g., CIPM preferred, CISA, CRISC, CISSP)
  • Experience working in global organizations
  • Previous experience in a product SaaS company is an advantage
  • Ability to build relationships, motivate people, instill accountability, and drive results
  • Agile, proactive, and comfortable working in ambiguous situations
  • The Security & Compliance Manager works with product and engineering leads, as well as our government partners, to understand security and compliance requirements for a variety of initiatives, translate those requirements into effective, but flexible processes that ensure compliance while minimizing burden on the product development lifecycle, and create related documentation for a wide variety of audiences
  • The manager also partners with sales leads, as an expert able to address customer questions concerning current and future security posture of RudderStack
  • This manager demonstrates experience working with a variety of stakeholders to design and implement compliance processes that support the software development cycle
  • Demonstrates an understanding of how changes may impact software security and privacy
  • Creates processes that support the delivery of secure and compliant systems while minimizing burden and impact on product teams
  • Operates within the context of the full software development lifecycle
  • Takes a consultative and proactive approach to understanding requirements, designing effective processes, and identifying opportunities for improvement
  • Delivers formal documentation (i.e., System Security Plans, Version Description Document, contracts, application documentation) and translates complex technical terms for a wide variety of audiences
  • Engages with internal and external stakeholders to manage security and compliance expectations and deliverables
  • Our roles are remote first, and can be based anywhere in the US (#LI-Remote)
  • Develop and cultivate strong working relations with industry regulators, accreditation bodies, authorizing officials, and qualified auditing firms
  • Drive strategy and processes for the overall implementation and operations of privacy compliance programs aimed at maintaining industry accreditations and certifications
  • Maintain an in-depth understanding of essential compliance requirements, standards, guidance, and interpretations of data protection laws and regulations
  • Advise process/control owners with the preparation and ongoing maintenance of controls and control documentation (e.g., policies, procedures, narratives, and matrices)
  • Assist with and drive remediation of control and process deficiencies and gaps identified internally and externally
  • Build strong relationships with business partners and facilitate continuous improvement aligned with operational processes and drive Privacy by Design initiatives
  • Collaborate with external legal teams to assess the implications of new or amended privacy laws
  • Develop and maintain Privacy Notices for websites, tools, etc., globally
  • Handle and respond to data subject requests and data privacy-related complaints, including customers' security questionnaires
  • Develop privacy-related procedures
  • Monitor and evolve SOC 2 Type I/II; HIPAA; and GDPR compliance programs, including annual audits, internal training, and awareness-raising activities
  • Coordinate Privacy Impact Assessments and the handling and resolution of data incidents, including actual and potential data privacy incidents
  • Assess the data privacy risks of new and existing vendors, including reviewing responses to the data privacy section of the vendor due diligence questionnaire
  • Develop Data Privacy training for the firm and, additionally, for the business as needed
  • Prepare presentations and communication to senior management, including the Security and Privacy Council

51-200 employees