What are the responsibilities and job description for the Sr. Compliance Manager GRC position at Alameda Compliance, LLC?
The Opportunity
Alameda Compliance is a technology compliance consulting firm that provides services to clients across multiple industries and platforms. We are looking for a self-driven, bright, passionate and dedicated individual to be a leader in our Compliance team and to continue enhancing Alameda Compliance’s compliance consulting services. This position will include working closely with our clients’ Security, Operations, Engineering, and Executive Management teams. Key responsibilities include leading client projects and audits for their compliance programs, building or enhancing Security or Information Security Management Systems (ISMS) programs, and representing Alameda Compliance’s security and compliance services to potential clients.
Essential Responsibilities
Responsible for managing the day-to-day execution of the Compliance program for Alameda Compliance Clients. This role will:
- Coordinate Client Compliance activities such as: planning and scheduling the annual compliance calendar, development and maintenance of each client’s Information Security Management System, internal and external audit preparation, and RFx and Security questionnaire response.
- Manage certification and accreditation activities including but not limited to ISO 27001, ISO 9001, SOC 1/2, FedRAMP, HITRUST, CMMC, EU Privacy - GDPR, EU-US Data Privacy Framework.
- Work with the appropriate stakeholders on changes resulting from annual risk assessment and/or audit feedback to ensure appropriate processes are updated and communicated.
- Manage the support and maintenance of compliance roadmaps, Risk & Controls Matrix (RCMs), policies and procedures, evidence/artifacts, etc.
- Facilitate the scheduling of internal and external meetings (including kickoff, walkthroughs, and closing meetings).
- Serve as a point of contact with both internal and external audit teams to ensure requests are routed to the appropriate group and completed in a timely manner.
- Support the remediation of issues resulting from internal/external audit reviews.
- Leverage new/existing tools along with work experience and collaborative relationships to drive process efficiency and automation.
- Apply appropriate tools and methodologies to assist with project outcomes and/or process improvements.
- Provide support and guidance to project teams on control implications resulting from their project.
Requirements and Key Competencies:
- 5 years of experience in information technology, compliance, risk management, or security performing compliance-specific responsibilities.
- 2 years of management experience, including leading information security and compliance teams.
- Deep understanding of and experience in audit readiness, the audit process, and certification to meet ISO 9001 and ISO 27001.
- Demonstrated expertise with continual compliance monitoring.
- Strong listening and presentation skills necessary to understand, communicate with, and persuade a wide range of audiences.
- In-depth knowledge of information security audit, risk management and policy compliance methodologies.
- Knowledge of security tools and solutions such as firewalls, IPS, encryption, and security monitoring.
- Ability to review existing processes, identify potential improvements, and work with the appropriate stakeholders to drive efficiencies.
- Understanding of the deficiency evaluation process, and impacts of deficiencies on financial reporting.
- Ability to collaborate with a diverse set of internal and external stakeholders, including senior leaders, business and functional representatives, IT and technical representatives, and vendors / consulting partners.
- Ability to document and track activities associated with each Client.
- Maintaining a current understanding of prevailing tools used to support Client compliance programs.
- Ability to identify project-impacting issues and work with Management and Clients to address the risk/issue.
- Self-starter who takes initiative and manages their own projects end to end.
- Experience with, or ability to learn with minimal support, technology tool sets including JIRA/Confluence, Smartsheet, Quip, Google Workspace, Microsoft Office, Visio/Lucidchart, etc.
- Professional level written and presentation skills tailored to Executive, Management, and Business Teams with proper grammar, correct spelling, contextually relevant summaries, and focus on proactive responses.
Salary: $120,000 - $200,000