
Senior Product Security Compliance Manager

Company:
SAS
Location:
Cary, NC
Posted:
May 14, 2024

Description:

Senior Product Security Compliance Manager - Remote or Hybrid

Nice to meet you!

We’re the leader in analytics. Through our software and services, we inspire customers around the world to transform data into intelligence - and questions into answers.

We’re also a debt-free multi-billion-dollar organization on our path to IPO-readiness. If you're looking for a dynamic, fulfilling career coupled with flexibility and world-class employee experience, you'll find it here.

About the job

The R&D Security & Compliance Team is looking for a Senior Product Security Compliance Manager to join our team to help drive visibility, understanding, and compliance with application security policies. As an R&D compliance specialist, you will perform product security compliance audits, identify and qualify technical solutions, and drive prioritized remediation of control and compliance findings. You will partner with global project teams and management to identify areas of risk, recommend controls, and influence changes and decisions. As a member of the R&D Security & Compliance team you will assist with both internal and external audits to determine present and future risks, as well as prepare reports to help management make decisions around risk remediation, acceptance, and avoidance.

As a Senior Product Security Compliance Manager, you will:

Complete product security risk assessments and audits with emphasis on processes, infrastructure, security, compliance with internal and external regulations, and major company projects.

Prepare and deliver compliance reports to leadership that effectively communicate trends, highlight relevant findings or risks, and identify remediation recommendations.

Collaborate with project and program management to define and deploy data solutions to proactively identify, evaluate, and monitor potential compliance violations and findings.

Coordinate with stakeholders to ensure all product security related policy exceptions/risk acceptances are managed in accordance with company policies and standards.

Collaborate with cross-functional teams (including engineering, product management, sales operations, and finance) to develop business- and risk-appropriate control implementation solutions that meet all required corporate policies.

Communicate with and educate process owners on the importance of internal controls to improve risk management, control, and governance. Maintain knowledge and understanding of systems/business changes which may impact the effectiveness of internal controls.

Interpret internal policy and regulatory compliance requirements (ISO, NIST 800-53, FedRAMP, PCI-DSS, etc.) into technical requirement specifications for engineering and operations teams.

Provide requirements to engineering and DevOps to support incorporating automated compliance tools and processes into the CI/CD pipeline.

Required qualifications

8 years of relevant application security and/or product security audit experience (preferably control design and implementation).

Bachelor's degree in a quantitative field, preferably in Computer Science, Information Technology, or a related discipline.

Ability to communicate risks, threats, and vulnerabilities identified during assessments in a clear and concise way to both technical and non-technical audiences.

Ability to communicate clearly and concisely with internal and external parties including partner organizations, regulatory bodies, customers, and suppliers.

Hands-on experience with one or more of the following security standards and technical / compliance requirements: ISO 27001, NIST 800-53, NIST SSDF

In-depth knowledge of PaaS, IaaS, and SaaS security controls

Strong knowledge of infrastructure, database, and application security

You’re curious, passionate, authentic and accountable. These are our values and influence everything we do.

Preferred qualifications

Experience implementing and auditing compliance in CI/CD pipelines.

Previous experience with delivering security compliance, risk management and IT audit programs at tech companies preferred.

Experience assessing and measuring software process maturity and secure development lifecycles against software security maturity models (SAMM, BSIMM, SLSA).

Experience with one or more of FedRAMP High, SOX, PCI-DSS, etc.

World-Class Benefits

Highlights include...

Comprehensive medical, prescription, dental and vision plans.

Medical plan options include: PPO with low annual deductible and copays.

HDHP combined with a health savings account with a contribution from SAS (no access to on-site health care center).

Onsite Health Care Center (HQ) that’s free to employees and family members enrolled in the PPO plan. There's a pharmacy too! Not local to HQ? The pharmacy will ship prescriptions for no additional charge!

An industry-leading 401k plan.

Generous time away including vacation time, a variety of paid holidays, and our much-loved U.S. Winter Wellness Break between December 25 and January 1.

Volunteer Time Off, parental leave and unlimited paid sick days.

Generous childcare benefits for all full-time employees.

Diverse and Inclusive

At SAS, it’s not about fitting into our culture – it’s about adding to it. We believe our people make the difference. Our diverse workforce brings together unique talents and inspires teams to create amazing software that reflects the diversity of our users and customers. Our commitment to diversity is a priority to our leadership, all the way up to the top; and it’s essential to who we are. To put it plainly: you are welcome here.

Additional Information:

To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity/Affirmative Action employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, age, national origin, disability status, protected veteran status or any other characteristic protected by law.

Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.

SAS only sends emails from verified “(url removed)” email addresses and never asks for sensitive, personal information or money. If you have any doubts about the authenticity of any type of communication from, or on behalf of SAS, please contact


Permanent
