Cybersecurity Compliance Consultant - Gurgaon - US Diagnostics & Lifescience MNC

Location
Contract Type
Permanent
Salary
₹ 2,300,000 - 2,700,000
Published
Reference
29-13-8180
Academic title
B.Tech/B.E.
Job description

Responsibilities

  • Lead various IT security compliance tasks, including security awareness, audit remediation, security controls strategies, and third-party/vendor risk management.
  • Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
  • Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies, and regulations.
  • Lead implementation of CIS hardening controls and CSC20 controls
  • Support assessment processes for internal/external auditors, NIST, CIS, CSC20, ISO27001 and FedRAMP.
  • Documentation review; drafting of policy, procedures, and standards and compliance documents
  • Develop security KPIs/metrics to track compliance program maturity and performance
  • Lead Customer and Vendor security assessments
  • Reviewing and updating security policies and procedures to ensure compliance with industry standards and regulations
  • Collaborating with IT and security teams to implement security controls and remediate identified vulnerabilities
  • Participating in internal and external audits, and providing necessary documentation and evidence of compliance
  • Monitoring and reporting on compliance-related metrics and trends
  • Communicating with senior management and other stakeholders to provide updates on compliance status and risks
  • Keeping abreast of new regulations and industry standards to ensure continued compliance
  • Reviewing and managing access control and user management with IAM

Requirements

  • 5+ years of security experience in relevant domains (e.g., IT compliance, Security audit, security risk management)
  • Bachelor's in Computer Science, Computer Engineering or Information Systems required
  • Experience in design and implementation of information security controls
  • Strong interpersonal and communication skills; experience with cross-cultural communications
  • Program/project management skills
  • ISO27001 and FedRAMP audit experience
  • Professional certifications such as CISA (Certified Information Systems Auditor) and/or CISSP (Certified Information Systems Security Professional) are a plus.
Other notes
For more related job opportunities visit https://www.elixir-consulting.com/en/job-search