Domo // micro investing app
American Fork, UT    Posted: Wednesday, January 08, 2020

Position Summary

The Manager of Risk & Compliance is a key member of Domo's Compliance team, responsible for evaluating & supporting compliance initiatives covering information security, policy, risk management, data classification, vendor management, privacy, audit, & awareness. This position assists other members of the Compliance team with designing, developing & implementing information security policies & documentation, assessing compliance with existing policies, & overall compliance with security-related requirements from customers. In addition, this position assists with performing security assessments & monitoring & tracking compliance status; developing & improving processes, procedures, standards & guidance; providing guidance on security control implementation; & defining and implementing process improvement & maturity initiatives. The position will also be responsible for assisting in developing policies & procedures & evaluating risks & controls to support the company's Federal Information Security Management Act (FISMA) Security Accreditation (FedRAMP), ISO 27001, ISO 27018, SSAE 18, HITRUST, & other regulatory & compliance initiatives. Success in this role requires a good understanding of information security best practices, strong security knowledge, the ability to understand & communicate risk & controls, organization, planning, & good communication & writing skills.

Key Responsibilities:

  • Work with internal stakeholder engineering teams to manage & document the implementation of security compliance controls for technical, management, & operational requirements.
  • Manage the compliance program to collect & document technical architecture, operational processes & security policies from multiple internal engineering teams.
  • Lead the gap analysis of current policies, procedures & practices as they relate to established guidelines outlined by NIST, FISMA, HIPAA, & other regulatory standards.
  • Lead & perform risk assessments of technology infrastructure & operational processes & controls for assigned areas.
  • Develop, build & maintain the controls matrix, in alignment with multiple compliance frameworks, including SOC 1 & SOC 2, ISO 27001, ISO 27018, FedRAMP, HITRUST, & HIPAA.
  • Lead the development & maintenance of security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, POA&M, annual FISMA assessment, & incident reports.
  • Lead the establishment of rules for risk analyses & security assessments, including addressing controls defined by FIPS 199, NIST SP 800-37, NIST SP 800-53, & NIST SP 800-171 for both business operations & technical implementations throughout the company.
  • Manage information security training & awareness programs.
  • Manage & lead vendor management assessments & interface with vendors on occasion.
  • Manage & track efforts related to threat & vulnerability assessment processes to monitor & remediate vulnerabilities in a timely manner.

Job Requirements:

  • Bachelor's degree in Computer Science, Information Technology or related field.
  • Minimum of 5 years' experience in security risk management, compliance, audit, & information security.
  • CISSP, CISM, CISA, CCSA or equivalent certification required.
  • Familiarity with enterprise-level compliance tools such as ServiceNow, Archer, IBM GRC or other industry equivalent software.
  • Knowledge & experience in FedRAMP, NIST SP 800-53 Rev 4, NIST SP 800-37, FISMA, NIST RMF, NIST FIPS 199, ISO 27001, ISO 27018, SSAE 18, HIPAA & HITRUST.
  • Experience in cloud-based environments for production applications, including Amazon Web Services, Microsoft Azure, GCP or other large-scale cloud deployments.
  • Experience in the vulnerability assessment lifecycle from the point of identification to remediation.
  • Understanding of risks & controls as they pertain to firewalls, IDS/IPS systems, malware controls, URL filtering tools, anti-spam systems, BYOD controls, DLP, VPN, web application firewalls, endpoint security controls, OS hardening, multi-factor authentication, encryption key management, mobile device management, wireless security, full disk encryption, database security controls, & network segmentation.
  • Understanding of OS concepts & security concerns in Linux, MacOS X, & Windows systems.
  • Interpersonal skills to work as a team member & as a liaison.
  • Excellent verbal communication, presentation, organizational & planning skills.
© 2020 GarysGuide