Senior Information Security & Compliance Specialist

Full Time
San Francisco, CA
Job description

About Us:

At RudderStack, we are redefining enterprise-scale data collection and routing. We are building a customer data platform (CDP) on the customer's own data warehouse. Our open-source, developer-first approach is the first of its kind. We understand the outsized impact customer data has on businesses, and we understand the challenges and pain points. We are looking to solve the customer data management problem in enterprises, once and for all, in a secure, compliant and cost-effective way.

RudderStack collects data from 30+ sources, can transform events on the fly, and routes them to 150 different marketing, sales, product, and analytics applications, all with one snippet of code.

We're backed by Insight Partners, Kleiner Perkins and S28 and have raised a total of $82 million in funding. Our customers include Stripe, Crate + Barrel, Acorns, Hinge, and Priceline. We process critical customer data for some top companies around the world, and are looking for ambitious individuals to join our team and help shape the future of our product.

Responsibilities

  • The Security & Compliance Manager works with product and engineering leads, as well as our government partners, to understand security and compliance requirements for a variety of initiatives, translate those requirements into effective, but flexible processes that ensure compliance while minimizing burden on the product development lifecycle, and create related documentation for a wide variety of audiences
  • The manager also partners with sales leads, as an expert able to address customer questions concerning current and future security posture of RudderStack
  • This manager demonstrates experience working with a variety of stakeholders to design and implement compliance processes that support the software development cycle
  • Demonstrates an understanding of how changes may impact software security and privacy
  • Creates processes that support the delivery of secure and compliant systems while minimizing burden and impact on product teams
  • Operates within the context of the full software development lifecycle
  • Takes a consultative and proactive approach to understanding requirements, designing effective processes, and identifying opportunities for improvement
  • Delivers formal documentation (i.e., System Security Plans, Version Description Document, contracts, application documentation) and translates complex technical terms for a wide variety of audiences
  • Engages with internal and external stakeholders to manage security and compliance expectations and deliverables

About the Role:

  • Our roles are remote first, and can be based anywhere in the US (#LI-Remote).
  • Develop and cultivate strong working relations with industry regulators, accreditation bodies, authorizing officials, and qualified auditing firms
  • Drive strategy and processes for the overall implementation and operations of privacy compliance programs aimed at maintaining industry accreditations and certifications
  • Maintain an in-depth understanding of essential compliance requirements, standards, guidance, and interpretations of data protection laws and regulations
  • Advise process/control owners with the preparation and ongoing maintenance of controls and control documentation (e.g., policies, procedures, narratives, and matrices)
  • Assist with and drive remediation of control and process deficiencies and gaps identified internally and externally
  • Build strong relationships with business partners and facilitate continuous improvement aligned with operational processes and drive Privacy by Design initiatives
  • Collaborate with external legal teams to assess the implications of new or amended privacy laws
  • Develop and maintain Privacy Notices for websites, tools, etc., globally
  • Handle and respond to data subject requests and data privacy-related complaints, including customers' security questionnaires
  • Develop privacy-related procedures
  • Monitor and evolve SOC 2 Type I/II; HIPAA; and GDPR compliance programs, including annual audits, internal training, and awareness-raising activities
  • Coordinate Privacy Impact Assessments and the handling and resolution of data incidents, including actual and potential data privacy incidents
  • Assess the data privacy risks of new and existing vendors, including reviewing responses to the data privacy section of the vendor due diligence questionnaire
  • Develop Data Privacy training for the firm and, as needed, for the business
  • Prepare presentations and communication to senior management, including the Security and Privacy Council

Requirements:

  • 4+ years of experience in IT and Information Security.
  • Exceptional organizational and project management skills, including the ability to multi-task and lead many ongoing privacy initiatives
  • Self-motivated and able to thrive in a fast-paced environment
  • Proven track record of delivering on assigned responsibilities on time using interpersonal and communication skills
  • A standout teammate who builds positive relationships and collaborates across multiple functions and/or levels of a globally diverse organization, including outside service providers
  • Track record of building credibility and trust through consistent behavior, high integrity, and judgment
  • Intellectual curiosity, a dedication to professional development, an ability to learn, and an up-to-date functioning understanding of current privacy trends
  • Proven record navigating unstructured processes and simultaneously handling responsibilities with multiple, exciting demands
  • Proficiency in the foundational requirements of global data privacy laws such as the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), as well as state-specific privacy laws
  • Supporting certifications (e.g., CIPM preferred, CISA, CRISC, CISSP)
  • Experience working in global organizations
  • Previous experience at a product SaaS company is an advantage
  • Ability to build relationships, motivate people, instill accountability, and drive results
  • Agile, proactive, and comfortable working in ambiguous situations

The RudderStack Way:

You get a chance to work on challenging problems alongside amazing people as we scale RudderStack. We are meaningful and thoughtful about our hiring, and want to build great teams together. We expect everyone to be deeply involved with hiring, so you have a hand in helping build the team. We have a global mindset, and want to bring on the best talent regardless of location. The company is still in the early stages, and you will get to see the complete lifecycle of a startup, from getting the initial customers to raising funding rounds, and beyond. Those who thrive in this sort of dynamic environment will experience extraordinary career growth.

Our benefits include comprehensive health insurance, work-from-home office setup reimbursements, learning stipends, a "take as you need" vacation policy, flexible work hours, a remote-first culture, team lunches, events and more!

We are committed to providing equal employment opportunity for all people and place great value in both diversity and inclusiveness. All qualified applicants will be considered for employment without regard to their, or any other person's, perceived or actual race, color, religion, sex, gender, gender identity, gender expression, sexual orientation, national origin, ancestry, citizenship, age, physical or mental disability, medical condition, family care status, or any other basis protected by law.
