Director, Global Security and Compliance

Symend - 2 Jobs
Calgary, AB
Posted today
Job Details:
Full-time
Management

As the Director of Global Security and Compliance, you will oversee security, compliance, and vendor relationships, aligning these with our business goals. You will work collaboratively with others in Symend to ensure that Symend adheres to all relevant regulations, standards, and best practices while proactively mitigating security risks. Your guidance will be crucial in maintaining our reputation for integrity, confidentiality, and reliability, ensuring that our security and compliance initiatives support Symend's overall strategic objectives.
This role is based in Canada.
Roles and Responsibilities include:
Security and Compliance:
  • Develop and implement global security policies, procedures, and guidelines to ensure compliance with regulatory requirements (e.g., SOC 2, ISO 27001).
  • Collaborate with internal teams to implement necessary controls and measures to achieve and maintain compliance.
  • Conduct regular audits, risk assessments, and vulnerability management activities to validate compliance and identify and mitigate potential security threats.
  • Collaborate with cross-functional teams to integrate security and compliance requirements into business processes and systems development lifecycle.
  • Manage external audits and assessments, ensuring timely and accurate reporting of compliance status to executive management and regulatory bodies.
  • Stay informed about emerging security threats, industry trends, and regulatory changes to recommend proactive measures and adjustments to the security posture.
  • Manage and maintain Security Operations
  • Manage incident response and tabletop exercises
  • Manage endpoint vulnerability management, including policy and compliance configuration, in collaboration with a third-party managed services provider
  • Manage third-party risk management activities including vendor vetting, renewal, and reviews
  • Participate in and lead client-initiated third-party risk management reviews and activities
  • Ensure quarterly, bi-annual, and annual compliance activities are completed and meet SOC 2 Type II and ISO 27001 standards.
  • Communicate the security posture of the organization to executive management
  • Collaborate with Cloud Engineering to remediate posture management alerts and plan hardening exercises for cloud infrastructure
Vendor Management:
  • Establish and maintain relationships with cloud service providers, negotiating contracts and terms where necessary.
  • Evaluate vendor performance against established benchmarks and service level agreements (SLAs).
  • Track vendor compliance with agreed-upon terms and conditions, identifying areas for improvement and suggesting actionable steps.
Education:
  • Bachelor's degree in Information Technology Management, Computer Networking Technology, Computer Science, or a related field
Experience:
  • Extensive Leadership Experience: Over 10 years of progressive experience in security and compliance roles, with at least 5 years in a leadership position within a SaaS company serving highly regulated industries.
  • Hands-on Audit Experience: Demonstrated hands-on experience with SOC 2 and ISO certification audits, including preparing for and leading audit processes, addressing findings, and achieving successful outcomes.
  • Regulatory Knowledge: Comprehensive knowledge of global regulatory requirements and industry standards, including GDPR, CCPA/CPRA, and others relevant to the Banking, Wireless and Utilities sectors.
  • Security Frameworks: Proficiency in implementing and managing security frameworks such as NIST, CIS, and other relevant frameworks.
  • Risk Management: Proven experience in conducting risk assessments, identifying vulnerabilities, and implementing mitigation strategies to manage security risks effectively.
  • Incident Response: Expertise in developing and managing incident response plans, including leading and coordinating responses to security incidents.
  • Vendor Management: Experience in managing third-party vendors, conducting security assessments, and ensuring compliance with security policies and regulations.
  • Project Management: Strong project management skills, with the ability to lead cross-functional teams and manage multiple projects simultaneously.

Certifications:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • ISO/IEC 27001 Lead Implementer
  • Certified Cloud Security Professional (CCSP)
Competencies:
  • Strategic Vision: Ability to develop and execute a strategic vision for global security and compliance, aligning with business objectives and regulatory requirements.
  • Technical Expertise: In-depth technical knowledge of security technologies, tools, and practices, with the ability to apply this knowledge to enhance the company's security posture.
  • Analytical Skills: Strong analytical and problem-solving skills, with the ability to assess complex security issues and develop effective solutions.
  • Communication: Excellent verbal and written communication skills, with the ability to communicate complex security and compliance concepts to both technical and non-technical stakeholders.
  • Leadership: Exceptional leadership and team-building skills, with the ability to inspire and motivate teams to achieve high performance.
  • Adaptability: Ability to adapt to changing regulatory environments and emerging security threats, ensuring the company's security and compliance programs remain effective and current.
  • Ethical Judgement: Strong ethical judgment and integrity, with a commitment to upholding the highest standards of security and compliance.
  • Customer Focus: A customer-centric approach, understanding the unique security needs of customers in highly regulated industries and ensuring their requirements are met.