About Lotlinx
Lotlinx is the best in class, AI-powered Inventory Management solution for the automotive industry. Lotlinx uses advanced machine learning technology to help vehicle sellers analyze shopper data, identify high intent purchasers, and execute inventory-specific strategies to reduce days on lot and improve margin per vehicle.

Security and Compliance Manager

Job Description

Lotlinx is currently seeking an experienced Security and Compliance Manager to join our dynamic team. In this role, reporting directly to the VP of Product Operations, you will be instrumental in ensuring our adherence to legal standards and internal policies, with a specific emphasis on the convergence of software development, operations, organizational culture, and security.

This position is tailored for individuals with a comprehensive background in compliance, information security, and risk management, who are eager to instigate significant changes in a high-paced environment. As the key point of contact, you will assume responsibility for all facets of cybersecurity and compliance project management – from initiation and planning to execution and monitoring.

This newly established role at Lotlinx offers the autonomy and opportunity to develop and implement processes and frameworks, where you'll have a lasting impact. Success in this role hinges on your ability to build trust, adapt quickly, actively learn, communicate clearly, champion efficiency, and willingly tackle formidable challenges. If you are ready to thrive in a position where you can make a substantial impact while steering your own professional trajectory, we encourage you to apply.

Key Responsibilities

• Regulatory Compliance Expertise: Act as a subject matter expert for cybersecurity and compliance projects, providing guidance and leadership in adherence to relevant laws and regulations in both Canada and the United States, with a focus on SOC 2.
• Roadmap Oversight and Governance: Oversee the execution of the cybersecurity roadmap and governance framework, ensuring alignment with compliance standards like SOC 2. Provide progress updates and track changes in the organization's cyber risk and security posture, staying abreast of laws in Canada and the United States such as the California Consumer Privacy Act (CCPA) and the Gramm-Leach-Bliley Act (GLBA).
• Internal Audits and Risk Assessments: Conduct internal audits and risk assessments, ensuring strict adherence to compliance standards.
• Cross-Departmental Collaboration: Collaborate with various departments to integrate compliance controls into operational processes, ensuring alignment with legal requirements.
• Security Activities Planning and Execution: Plan and execute security activities, including cybersecurity awareness training, tabletop exercises, DR tests, penetration tests, etc.
• Security Event Processes: Establish and execute processes for security events, ensuring timely response, investigation, containment, reporting, and continuous improvement.
• DevOps Collaboration: Collaborate with DevOps teams to integrate automated security tools into the CI/CD pipeline.
• Application Security Testing: Perform Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), and Software Composition Analysis (SCA).
• Security Scan Results Review: Review security scan results, prioritize vulnerabilities using a risk-based approach, and collaborate with development teams for resolution.
• Application Architecture Evaluation: Evaluate application architecture for security issues and flaws, addressing concerns such as network security, IAM misconfigurations, encryption, and key management.
• IAM Effectiveness Assessment: Assess the effectiveness of Identity and Access Management (IAM) controls, access controls, and user management processes.

Qualifications

• Minimum 3 years of experience in a compliance and/or cybersecurity role, with a preference for those with exposure in the software industry.
• Bachelor’s degree or equivalent in Information Technology, Cybersecurity, or a related field.
• Possession of professional certifications related to cybersecurity, compliance, and risk management (e.g., CISM, CISSP, CISA) is considered an asset.
• Technical and problem-solving skills in the context of IT Service Management (ITSM) or ITIL are considered an asset.
• Ability to learn and translate technical issues into a business risk context.
• Demonstrated proficiency in presentations and status reporting.
• Strong administrative and organizational skills.
• Talent to promote collaboration between stakeholders, solve problems, achieve objectives, meet schedules, improve efficiencies, exercise good judgment, and communicate clearly.
• Proven experience in managing compliance within technology and software development environments.
• Deep understanding of IT security principles, risk management, and product lifecycle.