Job Description
Symplast is in search of an experienced and driven Compliance Manager who is looking to put their auditing experience, technical expertise, and information security knowledge to use by leading and managing the Symplast Controls Framework. The Compliance Manager is responsible for the IT audit, risk, governance, and compliance functions at Symplast. This is a key role for the organization in that it helps our clients understand how seriously we take information security. This leader will oversee audit responsibilities as well as streamline our customer assurance processes.
As Compliance Manager, you will play a key role in building scalable and efficient processes related to controls, risks, corrective actions, product compliance, and the overall compliance framework. You will work with all functions of this fast-paced, rapidly changing business, and directly with key stakeholders to drive continuous improvement, communication and education with Symplast’s internal and external customers.
Responsibilities:
Manage a strategic and comprehensive compliance program, including appropriate IT management controls and procedures
Develop and maintain a consistent, repeatable process for identifying risks, performing qualitative and quantitative risk assessments, determining risk treatment, and managing associated findings and remediation plans. Scope of the risk management domain includes, but is not limited to, asset risk management, third-party risk management, and security/privacy risk management
Enforcement of the overall Governance, Risk, Compliance program
Responsible for continuous monitoring, remediation, and reporting of controls to management and coordination across functional teams to remediate and close the control gaps
Maintain evidence documentation across internal stakeholders for a repeatable process
Collaborate with internal and external stakeholders to understand risks to critical infrastructure by defining potential business impacts
Support both regulatory and customer audits
Build relationships with internal and external stakeholders
Accurately and effectively communicate our compliance position and programs to customers
Serve as an information resource to the organization regarding the release of compliance information and related issues
Manage and deliver the on-time completion of ISO, NIST, PCI, HIPAA, SOC for Service Organizations, SOX audits
Improve processes and procedures related to audit and customer assurance
Manage vendor risk management and vendor onboarding process
Work with the team to maintain and annually review security policies
Qualifications:
Bachelor's degree from an accredited college/university or equivalent professional experience
4+ years’ experience in Governance, Audit, Compliance or Information security, some of which was in a leadership role
Experience with IT Risk Management principles including industry leading practices, industry frameworks, and processes
Experience using any Agile methodologies is a plus
Experience working for a SaaS or other technology service provider
Experience auditing cloud services and infrastructures
Background in planning, scoping and managing audits in an ISO, NIST, PCI, HIPAA, SOC for Service Organizations, SOX audit environment
Experience with customer assurance and a vision for streamlining customer assurance processes
Comfortable with reviewing contracts and privacy documents
Flexible and adaptable to changing situations.
Ability to work independently and collaboratively with other teams to achieve goals and represent the business.
Ability to remain objective in balancing business needs and risk.