Security and Compliance Manager
Corebts
Posted: April 3, 2026
Quick Summary
The role is responsible for spearheading all facets of information security, including compliance, risk management, vulnerability management, and daily security operations. The ideal candidate is a security and compliance expert with a strong background in IT and security, who can provide mentoring and coaching to internal IT and security resources. The successful candidate will be responsible for developing and implementing robust security measures, managing security risks, and striving for a proactive security culture within the organization.
Job Description
The Security and Compliance Manager will be responsible for spearheading all facets of information security, including compliance, risk management, vulnerability management, and daily security operations. They will be involved in developing and implementing robust security measures, leading policy development, ensuring compliance with relevant regulations, managing security risks, and overseeing the day-to-day security posture. They will provide mentoring and coaching to internal IT and security resources and strive to achieve a proactive security culture within the organization.
Responsibilities:
• Develop, implement, and manage comprehensive security and privacy compliance programs.
• Stay current with relevant laws, regulations, and industry standards, ensuring the organization's adherence to applicable requirements.
• Conduct regular compliance assessments and audits, addressing any identified gaps or non-compliance issues.
• Identify, assess, and prioritize information security risks.
• Collaborate with stakeholders to develop and implement risk mitigation strategies.
• Conduct regular risk assessments and provide recommendations for risk reduction.
• Design and implement security architecture and controls that align with industry frameworks.
• Oversee and continuously improve security tool efficacy.
• Design and implement a robust vulnerability management program.
• Conduct regular vulnerability assessments, analyze results, and coordinate remediation efforts.
• Stay informed about emerging threats and vulnerabilities, ensuring timely and effective response measures.
• Develop and maintain responsive security operations that deliver comprehensive monitoring, advanced detection capabilities, and high-fidelity alerting.
• Oversee day-to-day security operations, including incident response, threat detection, identity and access management, and monitoring.
• Lead the development and implementation of security policies, standards, and procedures.
• Lead incident response exercises to continually fine-tune procedures.
• Collaborate with IT and other departments to integrate security measures into the organization's infrastructure and processes.
• Utilize a continuous improvement process for all security-related systems, toolsets, services, and procedures to ensure that everything is meeting business needs.
• Develop and enforce data governance policies and procedures.
• Develop and implement safeguards to monitor the use of artificial intelligence.
• Regularly audit data to ensure that policies are properly implemented and utilized.
• Ensure data access controls and encryption are deployed appropriately.
• Provide leadership and guidance to the security team, fostering a culture of continuous improvement and innovation.
• Mentor junior team members and facilitate knowledge sharing within the team.
• Collaborate with other departments to promote a security-aware culture throughout the organization.
Required Knowledge, Skills, and Abilities:
• Bachelor’s degree in computer science, programming, information security, or a related field preferred. Equivalent work experience or certifications may be considered.
• 7–9 years of experience in risk, compliance, and information security policy development.
• Team mentoring or leadership experience.
• Demonstrated problem-solving and analytical skills.
• Proficient with, or able to gain proficiency with, a broad array of security software applications and tools.
• Thorough understanding of computer-related security systems including firewalls, encryption, and password protection and authentication.
• Strong interpersonal skills and the ability to effectively communicate with a wide range of individuals and constituencies in a diverse community.
• Knowledge of IT processes and controls and strong understanding of risk and control frameworks such as ISO, NIST, ITIL, and PCI.
• Strong working knowledge of information security regulatory requirements and standards such as ISO 27001.
• Ability to ensure standards and parameters for any systems on the company network are correct and current.
• Experience with Microsoft Intune, vulnerability assessment solutions, and patch management software.
• Experience with Microsoft, Cisco, and general security solutions.
• Experience with Microsoft PowerShell and/or scripting tools.
• Excellent verbal and written communication skills.
• Organized with attention to detail.
• Certified Information Systems Security Professional (CISSP) Certification.
Benefits - You'll love working at NRI not just for the usual benefits, but for our environment and culture:
• You'll work with a great group of people in a highly collaborative team and results-oriented atmosphere.
• You'll have the opportunity to work in a dynamic and extremely positive environment where there is always the opportunity to challenge your skills and really move the needle.
• You’ll work with large, sophisticated, and progressive clients throughout North America.
• We provide a comprehensive benefits program including: $0 Healthcare option, company contribution to Health Savings Account with enrollment in a qualifying plan, 401(k) plus company match, Professional Development funds, Flexible Time Off (FTO) plus 11 company holidays, 4 weeks Parental/Caregiver Leave, company-paid family building/fertility benefits through Progyny, Dental and Vision Insurance, and company-paid Life/AD&D, short-term and long-term disability insurance.
Notices
The above description is intended to describe the general nature and level of work performed by individuals assigned to this position. This is not intended to be an exhaustive list of all responsibilities, duties, knowledge, skills, or experience required of individuals in this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties and responsibilities.
NRI North America is proud to be an Equal Opportunity/Affirmative Action employer.
NRI North America will accept applications on an ongoing basis.
NRI North America will consider qualified candidates with criminal histories in a manner consistent with The Los Angeles Fair Chance Initiative for Hiring Ordinance.
If you require reasonable accommodation in completing an application, interviewing, or otherwise participating in the hiring process, please direct your inquiries to [email protected].