Posted: 1 month ago
Remote
Full Time
As an Enterprise Security Compliance Manager, you will be responsible for managing the firm's
security compliance activities focused on third-party vendors. You will be responsible for
leading efforts that include collecting and organizing written responses and documentation,
leading calls and meetings to gather information from vendors, and ensuring that all follow-up
communications and remediation items are completed on time. You will be responsible for
scheduling and coordinating vulnerability assessments, penetration tests, and associated
remediation activities. You will be a member of the Global Security and Risk Management team.
1. Directly responsible for policies, procedures and controls to assure compliance with applicable
regulatory, legal and audit requirements as well as good business practices.
2. Develop and manage an information security risk management program including
development, evaluation, and adherence to multiple areas of practice.
3. Develop a risk strategy that identifies and classifies risks, defines appropriate tolerances,
prioritizes mitigation activities, and measures risk levels using the Cyber Security Framework(s).
4. Establish and oversee a formal risk analysis and self-assessment program for various
information services, systems, processes and recognized industry standards.
5. Identify, assess, manage, and track remediation of risks related to IT infrastructure,
applications, platforms and suppliers and drive explicit requirements and timelines in all
environments.
6. Develop strong relationships with external auditor and key stakeholders to ensure risk
management oversight is understood, managed appropriately and current with all standards,
guidelines, and regulations that are applicable.
7. Liaise with all departments to identify, track and provide remediation guidance for new
projects, services and/or third-party contracts in terms of information security assurance.
8. Oversee highest risk initiatives and serve as a point of escalation for remediation/mitigation
efforts.
9. Develop security compliance strategy and approach and ensure compliance with SOC1, SOC2,
ISO27001, CCPA, GDPR, local privacy laws, contractual requirements and globally-recognized
standards and guidelines.
10. Establish and oversee formal vulnerability management, penetration testing and security
posture assessment programs. Identify regulatory, legislative, and industry specific compliance
requirements and define controls that can be used to meet those requirements.
11. Oversee third-party assessment standards and privileged user monitoring as a check on
critical system access.
12. Act as a privacy and compliance officer and serve as the intake for security-related inquiries,
coordinating with subject matter experts.
13. Managing the organization's vendor audit process including cloud service providers,
engaging in a risk-based approach to determine the depth of each audit, leading the audit, and
providing recommendations to management based on the results.
15. Reviewing organization contracts as part of the firm's contract review process; assessing
and recommending adjustments that serve to minimize security risks in organization
agreements.
16. Supporting the client's security review process on an overflow basis from intake through
closure by identifying all necessary internal stakeholders based on the request (e.g. security
survey, audit, review), assembling relevant and appropriate documentation, drafting responses,
scheduling and leading calls/meetings, and communicating follow-up activities.
17. Preparing technical documentation and reports.
NLB Services