Customer Security Assurance Manager

Why This Role is Exciting

The AuditBoard solution is critical to the success of some of the most security-conscious audit, risk, and compliance teams around the world. In this role, you will be responsible for ensuring the platform meets the needs and expectations of these important customers - both by helping customers understand how security is incorporated into everything we do at AuditBoard, and by funneling important product feedback into internal development teams. As a member of the team committed to overall data protection risk and its role in the company’s continued success, the Customer Security Assurance Manager role is customer-facing (internal and external) and highly visible. This is a unique opportunity to help influence the success and product direction of the next-generation GRC platform. If you are entrepreneurial, self-driven, and interested in making an impact on the future of GRC, we’d love to chat. This role commands an energetic individual able to balance the dynamics of a high-paced sales team, customers with ever-increasing data protection requirements, and the need to protect AuditBoard’s interest in committing to attainable contract terms regarding data protection.

Key Responsibilities

• Develop and implement a Customer Engagement strategy and supporting knowledge base assets and processes. 
• Provide ongoing guidance and consultation to the organization to promote a progressive and sustainable Security Assurance Engagement program
• Understand and serve as a subject-matter expert around AuditBoard’s security controls, along with the supporting processes and technology enablement
• Oversee a matrix team responsible for intake and processing of prospect and customer requests for due diligence support, including RFPs, customer audits, requests for information, conference calls, etc.
• Develop and maintain documentation and streamlined processes in support of customer due diligence activities and drive initiatives to enhance the efficiency and customer experience of the program
• Confidently discuss AuditBoard’s data protection practices to prospects and customers such that the listener is assured that said practices will meet the data protection requirements of a cloud solution provider
• Exercise sound judgment in difficult negotiations, keeping the objective in mind, projecting competence, and maintaining a consistent level of professionalism
• Redline and negotiate information data protection contract provisions proposed by AuditBoard prospects and customers
• Liaise with all levels of the organization, including senior management, sales, customer-facing teams, and legal to inform and improve comprehension and appreciation of the significance of cybersecurity and privacy for customers
• Cross-train internal resources and develop team members’ skills and expertise
• Assist with other Security Compliance activities as required
• Support business travel on an as-needed basis (up to 10%).

Attributes for a Successful Candidate

• 5+ years of security/IT compliance or equivalent experience working with Industry regulations and standards (focusing on SOC2, ISO/IEC 27001, HIPAA, FEDRAMP, GDPR)
• Ability to promote technical and personal credibility with internal and external customers, and both technical and non-technical audiences.
• Experience leading Information Security, IT Risk Management, or IT Compliance functions.
• Ability to communicate clearly with team members and clients. Active listener who can pick up subtle nuances and quickly understand customer needs.
• Skilled at organizing and translating information into clear written documentation; and articulating complex concepts and processes in writing.
• Deep understanding of how Compliance, Governance, Information Security, and Risk Management fit into the enterprise.

Preferred Qualifications

• CISSP, CISM, CISA, CIPP, or similar certifications
• BS or MS in computer science or related field
• A strong network and/or influence in the Information Security & Compliance space. (Leadership roles or strong participation in networking organizations, conference speaking engagements, an active blog, or otherwise.)
• Exposure to or experience with product management, or the development of software applications.
• Experience with sales or business development
• Experience adopting and/or auditing compliance frameworks