IT Security Risk and Compliance Program Manager

CloudPassage is looking to hire a Security Risk and Compliance Program Manager to join the Security and Compliance team. A successful candidate is proficient with collaboration and communication skills. The role will focus on teamwork to operate a governance framework for IT Compliance. Accomplishment will be measured by improvement to IT's overall risk posture, compliance with various regulations, and providing management visibility to risk.

Because of the company's business model, we are often challenged with unique, cloud centric, interesting security and compliance requests. Our goal is to improve the company’s overall security posture, by reducing security risk, surpassing any compliance requirements and challenges.

We are looking for relevant work experience, appropriate skillsets, and a mindset that matches that of our department and its culture. This resource will report to the Director of Security.

Role Responsibilities:

  • In-depth to expert knowledge of various information security control frameworks, best practice standards, regulatory requirements, industry requirements for information security and IT related compliance requirements including SOC-2, PCI-DSS, FedRAMP, SOX and ISO 27001.
  • Have a proven track record of designing security control strategies, compensating controls, and explaining public cloud responses to traditional datacenter-centric audit requests.
  • Support the documentation, and validation of processes necessary to assure that associates, information technology systems and business processes meet the organization's information assurance, security, privacy, and compliance requirements.

  • Conducts review of threats and vulnerabilities, determines deviations from acceptable configurations or enterprise or local policy, assesses the level of risk, and develops and/or recommends and operationalizes appropriate mitigation countermeasures.

    • Perform reviews and to supports any external audits.

    • Escalates non-compliance issues and risks to IT Security management; follows up on issues with management and IT leadership to ensure carry through of resolutions.
  • Work closely engineering and product management teams. Ability to present assessment findings and recommendations in a manner that will be understood and accepted by all responsible parties.
  • Be responsible for timely delivery of all compliance projects.

Required Qualifications:

  • Bachelor's degree or equivalent experience/certification is required.

  • Prior experience in a risk and compliance program.
 Requires in depth knowledge of SOC-2, PCI-DSS, FedRAMP, SOX and ISO 27001.  
  • Strong written and verbal communication skills; ability to effectively communicate across all levels of the Company; attention to detail.

  • Minimum five years of internal or external information technology audit experience and/or information security experience.

Preferred Qualifications:

  • You have an interest in startups
  • CISA certification
  • You are an effective communicator
  • You are very organized with a keen attention to detail
  • You drive to succeed in a fast pace and continuously evolving environment

About CloudPassage:

At CloudPassage, we are all about making cloud computing more secure and agile for leading global enterprise companies by resolving the number one inhibitor to cloud adoption: security. This challenge requires smart, passionate, and creative people.

We invented agile security for modern infrastructure. Our platform protects the most critical business assets. Staying in front of the cloud security landscape is a huge challenge that requires expertise, creativity, hard work and intense collaboration.

Leading enterprises like Citrix, Salesforce.com and Adobe use CloudPassage to enhance their security and compliance posture, while remaining agile. Headquartered in San Francisco, CA, CloudPassage is backed by Benchmark Capital, Lightspeed Venture Partners, Meritech Capital Partners, Tenaya Capital, Shasta Ventures, Musea Ventures and other leading investors.


Back to top