Demonstrated success working in multiple compliance/audit frameworks, supporting these types of assurance: SOC 1/SOC 2 (SSAE18) and ISO 27001.
Prior work experience in requirements development, program management, and/or process improvement efforts in a technical company, preferably at a SaaS provider.
Ability to understand and work effectively against metrics/KPIs that assess program performance. Ability to partner with and communicate effectively with security, engineering, and dev/ops staff.
Experience working on a remote team in an asynchronous workflow.
Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to decisions regarding risk and measures for computer and network security.
Internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls.
Ensure IT activities, processes, and procedures meet defined requirements, policies, and regulations.
Coordinate with Security Engineers, IT Operations teams, and customers to develop and maintain the Plan of Actions and Milestones (POA&M), Acceptance of Risk (AOR) and other required security documentation, processes, and procedures.
Work with the corporate assessment team and systems staff to gather, document, and review evidence in support of applicable frameworks (SOC, ISO 27001).
Work with system administrators to ensure appropriate scanning and patching activities are maintained.
Ability to prepare security compliance reports with sufficient quality such that very minor, or no, edits are required.