Information Security Compliance Associate Program Manager
1 year of experience with project or program management, governance and security processes
1 year of experience with the software development life cycle
1 year of experience with one or more security compliance frameworks: AICPA Trust Principles (SSAE 16 - SOC 2 and 3), ISO 27000 Series, PCI DSS, HIPAA, SOX, SANS CIS Critical Security Controls, regulations governing personally identifiable information and other regulatory compliance frameworks
1 year of experience with Microsoft Excel, Power BI, Tableau, Python, R or other data analysis tools
Bachelor's degree in computer science, information technology, or a related field or equivalent experience
Preferred Qualifications
3 years of experience with project or program management, governance and security processes
3 years of experience with the software development life cycle
3 years of experience with one or more security compliance frameworks: AICPA Trust Principles (SSAE 16 - SOC 2 and 3), ISO 27000 Series, PCI DSS, HIPAA, SOX, SANS CIS Critical Security Controls, regulations governing personally identifiable information and other regulatory compliance frameworks
3 years of experience with Microsoft Excel, Power BI, Tableau, Python, R or other data analysis tools
Program Management Professional Certification
Proficiency in the Microsoft Office suite
Job Summary
As part of the Information Security team, the Associate Compliance Program Manager is responsible for guiding cross-functional teams across technology in the planning, execution and delivery of compliance processes that demonstrate adherence to regulatory and contractual obligations. They work with business and technology partners to coordinate the efforts of team members and third-party vendors to complete audits, implement improvements according to plan and bring awareness to information security.
Coordinate and execute compliance processes and due diligence efforts with internal and external stakeholders to provide timely deliverables and rapid remediations
Develop a performance dashboard and metrics for regular reporting to all levels of the organization on program status and performance
Develop and evangelize frameworks and best practices around compliance and information security to be utilized as part of the organization's software development life cycle
Continuously identify, assess and advise on IT and business-related risks and control weaknesses
Deliver program reporting utilizing tools to track planning, scheduling, issues and overall status of compliance efforts
Assist with technical issues and advise on control requirements as needs arise
Effectively manage multiple projects with competing priorities
Diagram processes to identify process gaps and potential areas for improvement
Drive the execution of program plans across cross-functional teams, monitor risks, take appropriate action to address challenges and provide regular updates to key stakeholders
Work with subject matter experts and utilize internal and external data/metrics to analyze results for compliance or unfavorable trends
Develop communications to drive awareness of compliance and information security programs across the organizations
Who We Are
Rock Central is a Detroit-based professional services company obsessed with delivering innovative, effective solutions to meet the diverse needs of our clients. From legal and finance to technology and public relations, our expertise spans from executive consulting all the way to tactical implementation. We thrive at the intersection of people, process and technology and empower our partners to unleash the maximum potential of their business through unmatched partnership and the entrepreneurial spirit of a startup. From the smallest venture to the largest enterprises, we believe having an impact is never a question - it's part of our DNA.
Disclaimer
This is an outline of the primary responsibilities of this position. As with everything in life, things change. The tasks and responsibilities can be changed, added to, removed, amended, deleted and modified at any time by the leadership group.