What are the responsibilities and job description for the Security Risk & Compliance Manager position at AUTOMOBILE PROTECTION CORPORATION?
Position Description
We are seeking an experienced Security Risk & Compliance Manager to join our Enterprise Information Security team, reporting to the Director, Information Security. In this role, the Security Risk and Compliance Manager will be responsible for developing, implementing, and overseeing the risk management and compliance program against standards, policies, and compliance requirements to reduce the risk of cyber security threats and ensure compliance with SOC 2 and regulatory requirements. The candidate will work closely with IT and other teams to continually identify risk exposure and implement security controls in support of compliance, and must possess a strong understanding of security best practices, project management skills, a high level of accountability and responsibility, and the proven ability to execute and deliver.
Responsibilities
- Manage and develop risk management and compliance programs to track and monitor risk to resolution.
- Interact and collaborate across the company to assure security controls align with SOC 2 requirements and regulatory compliance.
- Regularly monitor, track, and audit SOC 2 controls and other security risks to ensure compliance with requirements such as the FTC Safeguards Rule, CCPA, and NYCRR.
- Facilitate and ensure compliance with SOC 2 certification and regulatory requirements.
- Collaborate with IT and other teams to develop and implement secure processes.
- Develop and facilitate security awareness training.
- Develop security policy, standard, and process documents.
- Conduct security risk assessments.
- Conduct regular security audits.
- Develop and maintain assessment questionnaires.
- Stay abreast of relevant security and privacy regulations, laws, technologies, and threats.
Qualifications/Desired Skills & Abilities
- Must have 10 years of IT Security experience or experience in a related field.
- Must have 8 years of risk and regulatory compliance experience.
- Must have 5 years of experience leading successful SOC 2 or equivalent certifications.
- Must demonstrate in-depth knowledge of current security best practices for application and network security.
- Must be meticulous and detail-oriented with projects and outputs, including development of reports and management of work.
- Additional experience with implementing security frameworks such as NIST or ISO 27001.
- Understanding of network and application security best practices.
- Familiar with security technologies such as SIEM, WAF, and vulnerability scanning.
- Manage risk and compliance project and task issues through to resolution.
- Outstanding project management and organizational skills to manage multiple security projects.
- Must be self-motivated, analytical and possess a problem-solving outlook.
- Superior attention to detail and conscientious quality of work product.
- Professional demeanor with superior oral and written communication skills.
Education and Experience
- Bachelor’s Degree in Information Security or a similar discipline.
- CISSP or CRISC certification or similar qualifications.
- Experience with SOC 2 audits and FTC Safeguards Rule, CCPA, and NYCRR requirements.
Physical Demands
While performing the duties of this job, the employee is regularly required to type and look at a computer screen for long periods of the day. The employee must be able to sit for long periods of time.
Qualifications
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed above are representative of the knowledge, skill, and/or ability required. Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions.
Note
This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
Automobile Protection Corporation (APCO) is a Drug Free Workplace as well as an Equal Opportunity Employer. Qualified applicants shall be considered for all positions without regard to race, color, sex, religion, national origin, age, disability, veteran status, or any other status protected by federal, state or local law.