SECURITY RISK AND COMPLIANCE OPERATIONS LEAD
KMC Work Location: KMC SITE OR OTHER BUSINESS LOCATIONS AS MAY BE INSTRUCTED BY KMC SOLUTIONS FROM TIME TO TIME
Location: N/A, N/A
Date Posted: 2025-01-20
Hiring Organization: KMC Solutions | XTN-36ED243
Career Category: Network /System / Database Administration
The Purpose Driven Career Objectives of a Network /System / Database Administration at KMC:
Our client's Security Risk and Compliance team is looking for a Security Risk and Compliance Operations Lead to join our team. You will be responsible for driving and tracking project organization and execution across the team.
You will partner closely with members of the Security, Risk, and Compliance team to support continuous improvement of our operational processes, including customer trust, risk management, security compliance, and overall project execution. In addition, you will play a role in contributing to ongoing work on the security compliance team, including customer trust, third party risk management, and our security programs.
To apply for Network /System / Database Administration, you are excellent at:
- Build and improve on operational workflows for the Security Risk and Compliance team
- Drive reporting and updates on program and project status, health and effectiveness, and risks to leadership within Security and to business partners/stakeholders
- Automate administrative tasks in order to focus on more challenging operational priorities
- Play a role in facilitating the day-to-day activities of internal and external audit engagements (e.g. SOC 2, ISO 27xxx)
- Assist with vendor security reviews, due diligence, and third party risk management
- Assist in developing information security policies and procedures in accordance with company requirements and industry standards
- Advise, educate, and train internal stakeholders on how to effectively engage with the Security team
- Develop, gather, and periodically report on team metrics
Your Success Profile includes:
- 6-8+ years of experience in information security or governance, risk, and compliance at a technology company; Big 4 experience highly desirable
- BA/BS in relevant field or equivalent work experience in information security and/or governance, risk, and compliance
- Experience performing third-party vendor security reviews and due diligence
- Demonstrated understanding of information security frameworks (SOC 2, NIST, PCI DSS, 27001/17/18, CSA STAR, FedRAMP) and privacy frameworks (HIPAA, SOC 2 Privacy Criteria)
- Experience contributing to security audit programs and working with internal and external auditors
- Experience operationalizing workflows with an eye toward data-driven, continuous process improvement
- Experience developing and navigating documentation for internal stakeholders
- Experience with enterprise SaaS applications, cloud infrastructure, modern software engineering practices and tools, databases, operating systems, secure network design, and public cloud models such as AWS
- Knowledge of third-party risk management and/or procurement processes
- Knowledge working with a security and privacy training program at a technology company
- Excellent interpersonal and communication skills and the ability to be a strong liaison with internal and external teams
- Familiarity with project management tools and development and tracking of metrics related to project management and execution
- Ability to multitask, prioritize, and organize efficiently with minimal daily supervision
- Ability to learn new skills and tools to deliver the most effective solutions
- You are a problem solver and a forward thinker with excellent written and verbal communication skills