Senior Manager of Security Risk and Compliance at Abstract
Title: Senior Manager of Security, Risk, and Compliance
Location: United States
About the Role
The Senior Manager of Security, Risk, and Compliance will work with key stakeholders and Executive Management to determine acceptable levels of risk to the organization, and accordingly develop and enforce risk management controls and protocols. Technology (both IT and product), finance, personnel, legal, and regulatory risk to the business are within scope, which can evolve as determined by Management.
Ultimately, you will develop, execute and maintain a comprehensive, enterprise-grade security & risk management program, and ensure ongoing regulatory compliance. You will also work closely with customers and partners to ensure their confidence in using Abstract by answering their questions and audits in close partnership with Sales & Legal. The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with the ability to help the company balance security & compliance needs with other priorities in service of achieving business goals and ensuring customers feel confident using Abstract.
This is a manager-level position reporting to the VP of Business Operations, with oversight of our Security Engineer and a strong expectation of significant hands-on work.
What you’ll do:
- Establish annual and long-range security and compliance goals, and define security strategies and metrics.
- Successfully lead Abstract through key external audits as deemed necessary by management (e.g. SOC 2, ISO 27001)
- Lead efforts to obtain and maintain key certifications for Abstract as identified by you and deemed necessary by management (e.g. EU-US Privacy Shield)
- Lead your team in facilitating regular cross-functional internal risk and security audits across our product and organization, including regular external and internal penetration tests and vulnerability assessments, and work with management to prioritize and close gaps or concerns as needed
- Manage the ongoing educational program for privacy and security awareness for Abstract employees and contractors
- Manage third-party security assessments, and represent Abstract’s security posture to customers and partners in support of external-facing teams via email, phone, and video communication
- Develop and implement effective and reasonable policies and practices to protect data and ensure information security and compliance with relevant legislation and business needs, and keep the company in compliance by implementing and enforcing governance mechanisms
- Examine the impacts of new technologies and vendors on the company’s overall information security ecosystem, and establish processes to review the introduction of new technologies to ensure security compliance
- Develop and implement business continuity plans, and conduct tabletop exercises to ensure the ongoing efficacy of these plans
What you’ll bring:
- 10+ years of experience in compliance, risk management, or other internal control functions related to security, particularly in operationalizing and scaling risk management and compliance programs
- You maintain an advanced level security certification (CRISC, CISSP, CISM, CISA)
- Knowledge of common regulatory, security, and privacy frameworks, such as NIST, OWASP, SOC, ISO, GDPR, CCPA
- Successful management of a SOC 2 Type II (or equivalent) audit
- Ability to manage concurrent external audits (e.g. drive multiple security-oriented audits from Fortune 500 customers to completion in a timely manner)
- Eagerness to help customers and partners understand and trust in our security posture
- An ability to build consensus and navigate ambiguity
- Excellent written and verbal communication skills
- Strong project management and prioritization skills
- Ability to translate technical or obscure topics into easy-to-understand frameworks to help employees and leadership understand security-related priorities
- Creative thinking: you have the ability to research alternative ways to address problems and make well informed and timely decisions.
At Abstract, we offer resources that emphasize personal and family well-being. We provide 99% healthcare coverage, as well as dental, vision, and life insurance options. We offer 10 weeks of parental leave, unlimited paid time off, and flexible working arrangements. Additional perks include dependent care, a stipend to set up your home office, a monthly wellness stipend, a health care FSA, and commuter benefits.
To help employees plan for the future, we’re able to offer competitive pay and a 401(k).
We are a distributed team and we are able to offer US-based remote employment. We offer travel opportunities for company meetings, team meet-ups, and the occasional conference.
Abstract is a design workflow platform for teams to version, manage, and collaborate on Sketch files. Our company’s mission is to dramatically improve the productivity, transparency and impact of Design. Since launching in July 2017, over 5,000 design teams across 75 countries have adopted Abstract, including teams from Microsoft, Cisco, Intuit, Salesforce, Instacart, OpenTable, and more.
At Abstract, we are actively working to build a diverse and inclusive organization. Here, diversity includes age, economic class, educational background, ethnic variance, familial status, gender, gender expression, gender identity, marital status, national origin, religious affiliation, sex, sexual orientation, transgender status, or veteran status.
Abstract is fully-remote (US-based only at this time). If you have a passion for rolling up your sleeves, building new programs, and have a strong, team-player mentality, we’d love to hear from you!