InfoSec Compliance Program Manager
(Menlo Park, CA)
Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities — we're just getting started.
Facebook is seeking an experienced Information Security Compliance Program Manager to join the Information Security team. This position will be responsible for understanding and supporting the design of Facebook's organizational, procedural, and technological security controls within the context of the global regulatory frameworks applicable to Facebook and its affiliate companies. The position will also help implement, automate, and maintain controls necessary to support a successful compliance program while supporting and responding to inquiries from internal and external stakeholders. Given Facebook and its affiliate companies' place in the world, this role will be highly visible within the company as we partner with technical and non-technical stakeholders across the business. An ideal Information Security Compliance Program Manager is someone with a strong background in technical security compliance or a related field. Successful candidates will be expected to have a passion for deepening their technical knowledge of the broad aspects of information security, while working for a company that provides products and services to over 2 billion users. This role requires a broad mix of business and technical acumen coupled with polished communication and a strong desire to learn. This role is located at our headquarters in Menlo Park, CA.
- Passion for technology, information security, and how Facebook protects and delivers services to its +2 billion users
- Does not take a check-the-box mentality to security
- Be a champion for Information Security within the company and to external parties
- Understand technical implementation details necessary to assess and design practical security controls to mitigate risks
- Lead the development and oversight of required corrective action plans relating to security risks and compliance requirements
- Support the identification, implementation, and maintenance of automated technical security controls required to mitigate risks to Facebook and affiliate companies
- Identify, research, and evaluate new compliance requirements and present them to the team and leadership
- Partner with team members and cross-functional groups to ensure successful security programs align with compliance requirements
- Understand the security needs of internal and external stakeholders, regulators, and auditors
- Support security assessments, develop mitigation plans, and work with internal stakeholders to assign responsibility
- Partner with internal stakeholders to respond to external requests from regulators and consumers inquiring about Facebook's Information Security programs
- Assist with daily technical security activities and functions such as assessing security risks, supporting access escalations, creating and maintaining security reports/dashboards, etc.
- Communication, attention to detail, and project management skills
- Experience working with fragmented data to report metrics and identify actionable insights
- Minimum 4 years of experience leading and delivering technology security assessments for highly distributed web applications
- Experience working with security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
- Demonstrated leadership skills with the ability to work independently and collaboratively across various levels cross-functionally
- Ability to learn and continuously develop technical skills
- Experience with and strong understanding of most of the following common security compliance frameworks, controls, and best practices: AICPA Trust Principles (SSAE 16/18 - SOC 2 and 3), ISO 27000 Series, OWASP Top 10, PCI DSS, SANS CIS Critical Security Controls, regulations governing personally identifiable information (PII/PHI - HIPAA/HITRUST), and other applicable regulatory compliance frameworks
- Security consulting experience or related professional services/consulting background
- Bachelor's in computer science, computer engineering, or business technology
- Experience working with Python, Bash, SQL, PHP, and modern web development paradigms
- Certifications in one or more of the following areas: CISSP, CISA, CISM, GISO, GCIH, CIPP