Information Security and Compliance Manager

A Moving Experience.

Opportunity: We are a leading software development company specializing in voice AI technology for the global automotive industry. Our solutions power next-generation in-vehicle voice experiences for some of the world’s most recognized automotive brands.  We are seeking a skilled Security and Compliance Manager to lead our efforts in protecting our infrastructure, applications, people, and customers while aligning with industry standards and best practices.

Daily Functions / Responsibilities:

• Lead the implementation and oversight of security controls interfacing with our global teams
• Maintain and evolve our information security management system (ISMS) in line with frameworks such as ISO 27001/17, TISAX, CIS, and NIST
• Manage projects and programs to meet our security objectives
• Manage internal and external network penetration tests, vulnerability scans, and remediation processes.
• Coordinate responses to customer security assessments, including RFPs, RFQs, and due diligence questionnaires.
• Oversee centralized compliance controls and governance tools
• Partner with IT, help desk, and software development teams to ensure secure operations and adherence to best practices.
• Track and report on compliance posture, including risk assessments, audit results, and remediation efforts.
• Monitor changes in regulatory requirements or industry standards and adjust internal controls as needed.
• Promote a culture of security awareness across the organization.

Requirements:

• Bachelors degree
• 5+ years of experience in enterprise information security and risk or compliance management within a software development or technology-focused company.
• Strong understanding of enterprise security architecture and security solution implementation.
• Experience managing penetration testing, vulnerability assessments, and incident response planning.
• Experience with compliance frameworks and standards such as ISO 27001/17, TISAX, CIS, and NIST
• Experience working with IT infrastructure, service/help desk teams, and software development teams.
• Experience with Crowdstrike Falcon, network vulnerability management tools, static code analysis and open source scanning tools
• Proven analytical and critical thinking
• Proven ability to methodically plan, organize, and manage initiatives.
• Demonstrated ability to lead security audits and manage external security assessments.
• Excellent written and verbal communication skills, especially for client-facing documentation and security reporting.

Preferred Qualifications

• Industry certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer.
• Familiarity with application compliance frameworks such as ISO 21434, UNECE WP.29).
• Experience facilitating threat analysis and risk assessments (TARA)
• Experience with Atlassian Jira and Confluence
• Experience with Azure cloud security controls
• Familiarity with GRC platforms and compliance automation tools (e.g. Audit Board, Drata)

Cerence Inc. (Nasdaq: CRNC and www.cerence.com) is the global industry leader in creating unique, moving experiences for the automotive world. Spun out from Nuance in October 2019, Cerence is a new, independent company that has quickly gained traction as a leader in the automotive voice assistant space, working with all of the world’s leading automakers – from Ford and Fiat Chrysler to Daimler, Audi and BMW to Geely and SAIC – to transform how a car feels, responds and learns. Its track record is built on more than 20 years of industry experience and leadership and more than 500 million cars on the road today across more than 70 languages. 

As Cerence looks to the future and continues an ambitious growth agenda, we need someone to join the team and help build the future of voice and AI in cars. This is an exciting opportunity to join Cerence’s passionate, dedicated, global team and be a part of meaningful innovation in a rapidly growing industry.

EQUAL OPPORTUNITY EMPLOYER

Cerence is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all federal, state and local laws that prohibit employment discrimination on the basis of age, race, color, gender, gender identity, gender expression, sex, sex stereotyping, pregnancy, national origin, ancestry, religion, physical or mental disability, medical condition, marital status, citizenship status, sexual orientation, protected military or veteran status, genetic information and other protected classifications. Cerence Equal Employment Opportunity Policy Statement.

All prospective and current Employees need to remain vigilant when it comes to executing security policies in the workplace. This includes:

- Following workplace security protocols and training programs to familiarize with the ways to maintain a safe workplace.
- Following security procedures to report any suspicious activity.
- Having respect for corporate security procedures to allow those procedures to be effective.
- Adhering to company's compliance and regulations.
- Encouraging to follow a zero tolerance for workplace violence.

- Basic knowledge of information security and data privacy requirements (e.g., how to protect data & how to be handling this data).

- Demonstrative knowledge of information security through internal training programs.