DISCO is looking for a talented Information Security Compliance Manager to identify, manage, and report on the company’s security, privacy, regulatory, legislative, and contractual obligations.  Responsibilities will include performing reviews, assessments, and audits, conducting research, and facilitating communication to internal and external stakeholders where necessary.  The position will monitor, coordinate, and implement policies, standards, procedures, controls, and guidelines to support security, compliance, and audit requirements.

We are looking for an experienced individual with a passion for security and compliance and who isn’t afraid of a challenge. The ideal candidate will have exceptional communication skills, attention to detail and the ability to work independently.

Your Impact

As a foundational member of the IT Security and Compliance team, you will help drive the direction of our security and compliance practice and have an impact from day one. You will ensure compliance with our audit obligations and drive continual improvement in our risk and cyber-security posture.

What You'll Do

• Oversee the information security programs including data protection, risk management, and compliance testing
• Improve existing compliance programs and processes.
• Develop, review, and modify information security and privacy policies.
• Design and execute audit procedures to assess and measure company compliance with its security policies and procedures.
• Monitor advancements in information privacy laws to ensure organizational adaptation and compliance.  
• Evaluate security incidents for violations of  privacy principles or legal standards.
• Manage compliance testing and monitoring of current and future regulatory obligations, and other regulatory matters as required. 
• Conduct internal security risk assessments and security compliance audits.
• Establish IT security audit procedures relevant to GDPR, SOC2, ISO27001, HIPPA, NIST 800-23
• Coordinate third-party audits.
• Develop materials and tools to effectively communicate compliance and corporate requirements.
• Develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
• Collect, analyze, and prepare reports required for senior management, regulators, and other relevant stakeholders.
• Document, investigate, and report cybersecurity compliance issues and incidents, where necessary.
• Work with business leaders to ensure information security risk findings are reviewed and solutions are implemented.
• Understand, develop, and deliver meaningful reports on the program state and adherence to frameworks and standards.
• Lead the escalation and resolution of risk and compliance issues with appropriate stakeholders.
• Liaise with relevant parties to commission activities related to contingency planning, business continuity management, and IT disaster recovery.
• Develop and maintain a vendor security and compliance program.
• Assist the sales team in responding to RFPs and security questionnaires; maintain a library of security and compliance RFP responses.
• Manage DISCO’s third party vendors with new and recurring security assessments.

Who You Are

• 5+ years of IT experience with a focus on security and compliance.
• Significant knowledge and experience with legal, privacy, and regulatory compliance standards such as HITRUST, HIPPA, ISO27001, SOC2, FedRAMP, PCI-DSS, GDPR, CCPA
• The ability to work in a fast-paced environment and the skills to deal with ambiguity.
• Experience with IT governance, risk, and compliance management.
• Experience coordinating tasks to complete third party assessments.
• Experience writing policies, procedures, and controls in one or more standards/frameworks.
• Knowledge of computer networking concepts and protocols and network security methodologies.
• Knowledge of risk management processes.
• Knowledge of cyber threats and vulnerabilities.
• Experience with Risk Management in both a compliance and security context.
• The ability to work in a fast-paced environment and the skills to deal with ambiguity.
• Ability to handle multiple competing priorities.
• Ability to work well under minimal supervision.

Even Better If You Have…

• CISSP, CISM, or other relevant security-related designation.
• Exposure to International Traffic in Arms (ITAR) regulations.
• A Bachelor’s degree in Computer Science, Information Systems, or related field.
• Experience securing the public cloud (AWS, GCP, Azure).