
Compliance and Security Manager

We are looking for a Compliance and Security Manager with a foundational understanding of cybersecurity and regulatory standards like ISO 27001, SOC 2 Type 2, and GDPR. This role will focus on supporting compliance initiatives, coordinating audits, managing third-party relationships for various cybersecurity services, and assisting in cybersecurity practices to protect against risks and ensure adherence to key standards.

Key Responsibilities:

Cybersecurity Support:

  • Assist in implementing cybersecurity strategies to address emerging threats in collaboration with senior team members.
  • Support incident response efforts, including documentation and basic triage under the guidance of senior security staff.
  • Help develop and maintain cybersecurity policies and ensure procedures are accessible and understood by relevant teams.

Compliance Support:

  • Support portfolio companies in managing and meeting compliance obligations, and serve as a point of contact during external audits as needed.
  • Manage communications and deliverables for external audits and security inquiries and assessments.
  • Maintain familiarity with data protection laws, assisting in the review and implementation of data protection practices under GDPR or related standards.
  • Act as a supportive resource for day-to-day compliance and security inquiries.
  • Support internal audit activities within the portfolio to ensure compliance with best practices.

Third-Party Management for Cybersecurity Services:

  • Identify, evaluate, and select third-party vendors for cybersecurity services, including but not limited to security assessments, audits, and other related engagements.
  • Negotiate contracts, fees, and terms with vendors on behalf of the portfolio companies, ensuring cost-effective, high-quality services.
  • Coordinate with vendors on the scheduling and completion of cybersecurity projects, ensuring all requirements are met and that findings are documented for follow-up actions.

Audit and Risk Assessment Coordination:

  • Assist in preparing for annual audits (ISO 27001, SOC 2 Type 2, PCI DSS), collecting necessary documents, and addressing basic audit findings.
  • Perform routine risk assessments and gap analyses to identify compliance issues, working with teams to implement corrective actions.
  • Maintain a risk register with oversight from senior leadership, documenting ongoing compliance efforts and incidents.

Training and Awareness Assistance:

  • Help develop materials for compliance training and ensure employees are enrolled in Valsoft’s Security Awareness Training program.
  • Actively promote a culture of cybersecurity and regulatory awareness across all portfolio companies.

Qualifications:

  • Bachelor’s degree in Information Security, Compliance, Business, or a related field.
  • 2-4 years of experience in a compliance or cybersecurity support role, preferably within a multi-company or portfolio environment.
  • Familiarity with standards such as ISO 27001, SOC 2 Type 2, GDPR, and HIPAA.
  • Experience with compliance documentation, audits, incident tracking, and vendor management.
  • Certifications such as CompTIA Security+, ISO 27001 Foundations, CISM, or CISA are beneficial but not required.

Additional Skills:

  • Ability to manage multiple tasks and collaborate effectively within a diverse team.
  • Good written and verbal communication skills for interacting with various internal and external stakeholders.
  • Familiarity with cloud-based infrastructures and SaaS environments is an asset.
  • Strong organizational skills and attention to detail.
  • Education Assistance Program
  • Employee Referral Program

Founded in 2011, Valsoft is a vertical software business that provides mission-critical solutions in their respective niche or market. Valsoft is located in Canada.

Employment type: Full-time, remote
Date posted: November 19, 2024
