Information Security & Compliance Manager (remote)

Company: Respondus
Location: Boston
Posted on: June 25, 2022

Job Description:

About RespondusRespondus is a leading developer of assessment applications for higher education and K-12 schools and districts. Our applications make it easy to create online exams, self-assessments, and learning games. We also make powerful tools that protect the integrity of online exams. - -
Why join us? Our work matters - assessments help educators know what students are learning. It's at the beginning, middle, and end of the education process. -
-Thousands of universities, K-12 districts, publishers, and testing centers use our applications to deliver 120 million assessments annually. We've been leaders in the education industry for over 20 years and are a growing, profitable business that is laser-focused on customers. Nearly all our revenue is recurrent (which means institutions pay us an annual fee to use it) and we have no debt or outside investors. This lets us concentrate on long-term growth that is customer-focused. - -
We are currently only reviewing applicants residing in Arizona, Arkansas, Colorado, Massachusetts, Montana, New York, South Carolina, Texas, Virginia and Washington. - -
About the RoleAre you a seasoned security professional passionate about compliance, security, and risk management? Read on! -
We are looking for an Information Security & Compliance Manager who has a deep understanding of compliance and risk management in the SaaS landscape. In this role, you'll partner with our Data Privacy Officer, Technical and Executive teams to build out and maintain our information security compliance program. -This is a key role in driving our Security, Risk, and Compliance posture.
Responsibilities: --- Support Respondus' security & compliance projects and audits (e.g., TX-RAMP, SOC 2, HECVAT, and others)--- Work with teams such as Data Privacy, IT, R&D, Legal, and HR to ensure audit readiness and security compliance across the organization--- Communicate progress, escalations, and issue resolution to management and team members--- Help mature the security compliance program by facilitating internal control deliverables; conduct internal monitoring and auditing; determine compliance metrics and a tracking system.--- Conduct vendor risk assessments, including new vendors and periodic reviews of existing vendors--- Lead for vendor security information requests from Respondus customers--- Coordinate periodic review of company policies and procedures; assist with content as needed--- Facilitate management risk assessment and periodic Business Continuity/Disaster Recovery tests; manage Incident Response event records
-Requirements: --- Bachelor's or master's degree in a technical field (Computer Science, Cybersecurity, etc.) or equivalent experience. -Ability to understand and communicate technical concepts is a must.--- 3+ years of relevant work experience in a security compliance role--- CISSP, CISM, or other relevant security certifications strongly preferred--- Experience in and understanding of at least two of the following security frameworks: ISO 27001, SOC 2, NIST 800-53, PCI-DSS, HITRUST. -A role directly involved in SOC 2 or NIST-based certification preferred, FedRAMP experience is a plus. -Have a working knowledge of data protection regulations.--- Audit experience--- Strong understanding of the business impact of security tools, processes and policies as well as high proficiency in how to assess risk and business impact.--- Able to develop internal standards to maintain compliance with security frameworks--- Excellent interpersonal communication, teamwork, and project management skills--- Strong personal integrity, accountability, and ability to take ownership of specific projects and action items--- Strong written and verbal communication skills with the proven ability to translate security compliance needs to business and technical groups (internal / external) ---- Able to foster a collaborative and respectful working environment -
And if these statements describe you, please apply: ---- Innately curious, process-oriented, data-driven, and take pride in owning and improving your area of work ---- Confirmed ability to operate effectively and autonomously in situations of ambiguity, with only high-level direction - -
More Information
We are currently only reviewing applicants residing in Arizona, Arkansas, Colorado, Massachusetts, Montana, New York, South Carolina, Texas, Virginia and Washington. - -
This position is full-time remote from state of residence and requires a work environment that is free of distractions. Flexibility is required to accommodate meetings with staff on both coasts of the United States. You must live in one of the states listed above.
-Salary is competitive and will be commensurate with experience. We also have a company-paid health plan, vacation package, a matching 401(k) plan, and a bonus plan. -
-As an equal opportunity employer, Respondus is committed to a diverse workforce. Employment decisions regarding recruitment and selection will be made without discrimination based on race, color, religion, national origin, gender, age, sexual orientation, physical or mental disability, gender identity and expression, veteran status, or other non- job-related characteristics or other prohibited grounds specified in applicable federal, state and local laws. However, we cannot hire anyone who needs visa sponsorship. -
-Next Steps - -If you are interested in this position, please send a cover letter by email to jobs@respondus.com along with your resume. - -We place high importance on the cover letter. It's our first step in evaluating your interest in this particular position, and who you are as a person. - -

Keywords: Respondus, Boston , Information Security & Compliance Manager (remote), Executive , Boston, Massachusetts