at Trellix in Springfield, Illinois, United States
Job Description
Job Title:
Manager Compliance
Role Overview:
Lead Compliance Team focused on certifications such as SOC2 & FEDRamp across Skyhigh Applications
About Us
At Skyhigh Security, we have a bold vision to Secure the World’s Data. Our mission is to protect organizations with cloud-native security solutions that are both data-aware and simple to use.?We go beyond data access and focus on data use, allowing organizations to collaborate from any device and from anywhere without sacrificing their security. We strive to live your values every day. We want to Lead the Industry, we actively embrace our differences, we love to learn together, and we choose to celebrate each other often!
The Manager, Compliance will provide thought leadership on the implementation of information security frameworks to guide investments in IT security programs for Skyhigh Networks. This role will have intimate knowledge of best practices for security controls (people, process, and technology) across all cybersecurity domains common to an enterprise IT security program. This role will be able to lead and contribute to information security workshops, discovery assessments, security maturity modeling projects (including target and current state definitions), target state roadmaps/implementation planning, and development of security policies, procedures, standards, and guidelines. The Manager, Compliance will demonstrate the ability to align information security with business goals using a risk-based approach in the core areas of IT security including Identity and Access Management, Data Security, Applications Security, Network Security and Engineering, Security Program Strategy (including security frameworks) and Operations. A key function of this role will be building deep relationships, gaining trust, and enabling client success.
What You’ll Do
+ Implement industry security frameworks (e.g., NIST, CSF) and translate these into tailored, prescriptive control environments to guide security program investments in people, process, and technology
+ Assess and develop security program policies, procedures, standards, and guidelines which are aligned to industry best practice and account for applicable compliance/regulatory requirements.
+ Develop security program strategies and recommendations along with affiliated roadmaps and project plans – this may involve facilitating and delivering security program workshops and discovery sessions to assist clients with defining an overarching strategy for their security program
+ Perform technology control and risk assessments and providing recommendations across people, process, and technology to fill noted gaps
+ Develop deliverables and presentations for client leadership (up to C-suite) which could include requirements documentation, gap analysis, program maturity models, short/long term program roadmaps and security tool rationalization outputs
+ Lead large security initiatives in complex IT and business environments
+ Capture detailed meeting notes and workshop findings/take-aways
+ Perform maturity modeling and analysis to identify, analyze, and resolve business problems
+ Establish strong and lasting relationships with key stakeholders and decision makers in client organizations
+ Develop education and mentoring opportunities for more junior consultants
+ Coordinate with more senior technology leaders to ensure all deliverables are well drafted and in line with Skyhigh Networks and client expectations
Qualifications & Interests
+ Bachelor’s degree from an accredited university recommended
+ Minimum of 5 -7 years’ experience in enterprise security experience required
+ CISSP, CISA, CISM, CIPP or equivalent security or privacy certification strongly desired
+ Strong expertise assessing the maturity of IT security programs and capabilities to identify a security program’s current state and establishing a roadmap for achieving a defined target state which accounts for noted capability gaps and affiliated risks
+ Strong expertise assessing and developing IS policies, procedures, standards, and guidelines
+ Extensive knowledge in industry security and risk management frameworks/guidance (e.g., NIST CSF, ISO 27001, ISO 27005, NIST Risk Management Framework, etc.) and extensive experience implementing or assessing against them
+ Experience performing IT/IS risk, privacy, and control assessments based on leading practice and regulatory requirements (e.g., FEDRamp, PCI, SOC2, GDPR, HIPAA)
+ FEDRamp assessment experience is critical
+ Motivated self-starter who loves to solve challenging problems and feels comfortable working directly with customers
+ Excellent oral, written communication, and presentation skills with an ability to present security sessions and security workshops to C-Level Executives and non-technical audience, advanced PowerPoint presentation skills strongly desired
+ Highly organized, detail-oriented, excellent time management skills, and able to effectively prioritize tasks in a fast-paced, high-volume, and evolving work environment
+ Ability to support support and sales requests with a proactive and consultative manner; listen and understand user requests and needs and effectively deliver
+ Comfortable managing multiple and changing priorities, and meeting deadlines in an entrepreneurial environment
+ Ability to travel when needed
Compensation:
Base Pay Range: $91,000 – 169,000. Actual base pay within this range will depend on varying circumstances, including the work location, individual qualifications, company budget and other operational business needs. Compensation may also include annual bonuses and long-term incentives, subject to various metrics and company policy.
Company Benefits and Perks:
We work hard to embrace diversity and inclusion and encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.
+ Pension and Retirement Plans
+ Medical, Dental and Vision Coverage
+ Paid Time Off
+ Paid Parental Leave
+ Support for Community Involvement
We’re serious about our commitment to diversity which is why we prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.
Trellix is a global company redefining the future of cybersecurity. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix’s security experts, along with an extensive partner ecosystem, accelerate technology innovation through machine learning and automation to empower over 40,000 business and government customers. More at https://trellix.com .
