Manager, Security Compliance

• Compliance Program Development: Design, implement, and maintain the organization’s security compliance frameworks. Establish policies and procedures to ensure adherence to applicable laws, regulations, and standards (e.g., AICPA SOC2, SOX, NIST CSF, HIPAA, and PCI-DSS).
• Lead the Security Risk Management team for automation and engineering-led thinking for security control assessment, evidence collection, and summary reporting.  Monitor emerging regulations and industry trends to update compliance strategies.
• Risk Assessment and Auditing: Conduct regular risk assessments to identify compliance gaps. Plan and oversee internal and external security audits. Collaborate with stakeholders to address findings and implement corrective actions.
• Project Planning and Coordination: Define project scope, goals, and deliverables aligned with IT and cybersecurity objectives. Develop detailed project plans, including timelines, resource allocation, and budgets. Collaborate with IT, security teams, cross functional teams and external vendors to ensure project alignment.
• Training and Awareness: Develop and deliver training programs to educate employees on security and compliance requirements. Promote a culture of compliance and security awareness across the organization.
• Policy Management: Draft, review, and update security policies, standards, and guidelines. Ensure documentation is current and aligns with industry best practices and legal requirements.
• Incident Management and Reporting: Oversee compliance-related incident investigations and resolution. Ensure timely reporting of security incidents to regulatory bodies as required.
• Stakeholder Collaboration: Act as a liaison between departments, including H&R Block (Wave owner), IT, legal, and executive leadership, to ensure cohesive compliance efforts. Provide regular updates and reports on compliance status and risks to senior management.
• Vendor and Third-Party Management: Assess and monitor third-party vendors to ensure compliance with security requirements. Establish and enforce contractual compliance obligations.

You Thrive Here By Possessing the Following:

• 5+ years of related professional compliance and controls program experience.
• Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
• Proven experience in security compliance management or a similar role.
• Advanced level knowledge of AICPA SOC 2, SOX, NIST CSF, HIPAA, GDPR and/or ISO 27001.
• Experience leading internal and/or external audits, working as the liaison between auditors and the business.
• Experience implementing automated compliance workflows.
• Strong understanding of Amazon AWS environment and SaaS platform. Comfortable working with both deeply technical and non-technical resources.
• Flexible in daily hours (e.g. willingness to work longer hours during end of quarter and peak periods, and audit).
• Ability to prioritize and track multiple projects and tasks in parallel.