Compliance Manager - Information Security
Location: San Francisco, CA
First posted: April 04, 2017 (last updated 1 day 21 hours ago)

Compliance Manager - Information Security San Francisco

About the Position:

The Compliance Manager will be an integral part of the team responsible for our growing global compliance program. This person should be an agile compliance manager who can quickly ramp up on the security requirements needed to acquire FedRAMP certification, with direct experience working with 3PAOs, policies and security controls in line with ISO 27002 and NIST 800-53.

This position will help guide many large and complex projects and will work closely across partner teams in Security, Operations, Engineering and Product Management. This person must have the ability to capture and articulate technical regulatory requirements in a manner that brings clarity and eliminates confusion. The successful candidate has a communicative and collaborative approach to management. You know how to assess risks, and you're adept at guiding individual teams in striking a healthy balance between their needs and the needs of the larger program. You set a high standard in your own work, and also enjoy helping others with their project challenges. This role will require a mix of business and technical acumen, the ability to inspire and influence decisions pertaining to regulatory standards and a polished ability to communicate with key stakeholders.

Position Deliverables:

  • Analyze, assess and recommend security controls for FedRAMP compliance
  • Perform compliance management and oversight of Scrum teams for implementing security controls
  • Work with auditors, applications, infrastructure and other teams to achieve and maintain FedRAMP compliance
  • Customer focus and ability to leverage intuition, customer input, and data to rapidly test and validate products and features.
  • Designing security strategy phases needed to achieve compliance objectives against a deadline, with our ideal state on a collaborative timeline.
  • Taking on in-flight compliance programs including FedRAMP, HIPAA and GDPR efforts and others as they come online
  • Relationship management and leadership of cross-cutting security development projects
  • Guide vision for evidence creation, validation, and assessment workflows
  • Self-motivated and not afraid to tackle unknowns, demonstrate a strong bias to action
  • Strong verbal, presentation and written communication skills with the ability to appropriately communicate with the intended audience
  • Proven track record of handling multiple projects simultaneously.
  • Participate in the development and oversight of required corrective action plans relating to security compliance issues.
  • Support business relationships with the internal and external security auditors and regulators.
  • Support the communication of policies, procedures, and plans to internal stakeholders regarding security and compliance best practices around applicable laws, regulations, and controls.
  • Partner with internal teams to ensure successful security programs that align with compliance requirements.

About You:

  • Have confidence running large scale cross-cutting projects, requiring parallel efforts from dozens of teams.
  • Have the uncanny ability to see dependencies, blockers, gotchas and curveballs before others do, and your detailed project planning will account for them.
  • Ability to balance security priorities with compliance needs.
  • Strong and proven project management skills required.
  • Experience with developing security and compliance reporting.
  • Understanding of FedRAMP controls and Federal agency security requirements and processes.
  • Experience in Agile, Lean and/or Scrum methodologies; not afraid to try and develop new processes or methods
  • Demonstrated successful leadership skills with the ability to work effectively across various levels.
  • Clear experience and working knowledge of documentation management and GRC tools is a plus.
  • Exemplary track record of implementing innovative risk countermeasures and security controls specific to PCI-DSS, SSAE-16 and ISO-27001.
  • Self-directed and well organized; must be able to work with minimal supervision and meet deadlines with multiple projects
  • Experience in articulating security posture in a structured form, e.g. via RFP/RFI or questionnaires preferred
  • Certifications in one or more of the following areas preferred: CISSP, CISA, CISM, GCIH, CIPP, CC

About Our Benefits:

  • Competitive medical, dental, and vision insurance for you and your family
  • 401(k) and pre-tax health care, dependent care and commuter benefits (FSA)
  • "No policy" vacation policy
  • Commute up the peninsula on the MuleSoft shuttle
  • Gym discounts and on-site yoga classes
  • Mac or PC
  • Fully stocked kitchen, regularly catered lunches, weekly happy hours, family nights
  • Annual, all-company weeklong MeetUp trip for collaboration, learning, and inspiration

About Us:

MuleSoft is defining a new category of software to revolutionize the way the world connects data, devices, and applications. Our platform is at the heart of the apps and services you use every day from Global 500 corporations and emerging companies in more than 60 countries. We're one of the fastest-growing software companies ever, and MuleSoft has been awarded Best Place to Work time and time again. Headquartered in downtown San Francisco, we're growing fast with 15 global offices, including London, Buenos Aires, Sydney, New York City, and Atlanta. If you're inspired to do some of your best work with one of the smartest and most fearless teams in the world, we want to work with you. Join us!
