Compliance Manager

Salisbury Management, LLC, United States

Experience: 1 Year
Salary: 0 - 0
Traveling: No
Telecommute: No
Qualification: Bachelor's Degree
Total Vacancies: 1 Job
Posted on: Apr 14, 2021
Last Date: May 14, 2021

Job Description

The Compliance Manager will lead the compliance assurance program, which includes risk management, compliance audits, and compliance assessments for on-premises and cloud hosted IT applications and infrastructure. This position is specifically responsible for understanding and assessing security, operational, and privacy risks related to services and solutions and provides input on appropriate controls to address those risks. The position will work with external and internal auditors, gathering and presenting evidence, as required. Areas of focus include Risk & Compliance, Compliance Strategy, Data Protection, Incident Response, and Business Partnership.


PRIMARY JOB RESPONSIBILITIES

  • Establish compliance program based on processes mapped to relevant compliance standards.
  • Conduct compliance reviews and assess existing security controls against specific framework requirements.
  • Create processes for ingesting and processing non-IT compliance requests, concerns, and inquiries from end users of Salisbury services.
  • Drive the strategic direction of the security assurance program based on compliance gaps and business risks.
  • Manage remediation of identified risks and vulnerabilities; identify those within the organization responsible for remediation tasks and negotiate dates for remediation to be complete; track progress on remediation of identified risks and vulnerabilities and provide appropriate reporting to all constituents.
  • Develop risk/vulnerability assessment programs with security resources and questionnaires to aid in the identification and mitigation of security risks.
  • Ensure that identified risks are managed in accordance with the Risk Management program for on-premises technology and processes as well as cloud hosted IT applications and infrastructure.
  • Lead and execute tasks and strategies associated with client security assurance inquiries such as reviewing security contracts, responding to security questionnaires, audits, and assessments for on-premises as well as cloud hosted IT applications and infrastructure as required via client contracts, regulatory obligations, and operational objectives.
  • Clearly understand the on-premises and cloud technology and compliance risk to the organization as well as related laws, regulations, and industry standards, specifically as related to internal and cloud technology solutions.
  • Independently design, recommend, plan, develop and support implementation of project-specific security and compliance solutions to meet requirements for on-premises as well as cloud hosted IT applications and infrastructure.
  • Recommend and draft policies, standards, procedures, and controls to assure the confidentiality, integrity, and availability of the information technology environment for on-premises as well as cloud hosted IT applications and infrastructure. Also recommend and draft policies to prevent unethical, illegal, or improper conduct.
  • Serve as the organization’s internal control point for ethics allegations, complaints, and conflicts and provide leadership advice on management of ethical issues.
  • Respond to alleged compliance and ethics violations. Initiate investigation of compliance and ethical complaints with appropriate parties and ensure appropriate measures are implemented to prevent future occurrence.
  • Work with the appropriate IT, legal, HR, and operational leaders to determine scope of onsite visits, audits, and assessments as defined by contracts and regulatory requirements.
  • Make decisions on day-to-day task assignments to the team.
  • Knowledge and experience with various industry standard frameworks such as FERPA, NIST CSF & RMF, CIS Top 20, ISO 27001, SSAE 18 (SOC 1) and SOC 2, HIPAA, HITRUST, CSA CCM, GDPR, Privacy Shields, etc.
  • Familiarity with privacy laws, data protection/security regulations, and cloud security frameworks.
  • Experience with Compliance Management portals.
  • Develop and oversee the delivery of compliance training during onboarding and annually to all employees.

SECONDARY JOB RESPONSIBILITIES

  • Participate in appropriate opportunities for continuing education, seminars, participation in field-related professional organizations, and so on to remain current on developments in the information security profession.
  • Lead projects, as directed.
  • Perform all job responsibilities in a safe manner and adhere to safety practices and standards established by the company.
  • Perform other related duties as assigned.

KNOWLEDGE, SKILLS & ABILITIES:

Possess a general understanding of underlying infrastructure architecture including cloud security, Internet, intranets, and communication protocols such as TCP, UDP, and IPSEC (preferred)

Salisbury Management, LLC

Information Technology and Services - Philadelphia, United States