VASCO Data Security is a global leader in trusted security with two-factor authentication, transaction data signing, document e-signature and identity management solutions designed for all businesses and government agencies. VASCO also secures access to data and applications in the cloud and provides a robust toolset for application developers to easily integrate security functions into their web-based and mobile applications. More than 10,000 customers in 100 countries rely on VASCO to secure access, manage identities, verify transactions, simplify document signing and protect high value assets and systems.
At VASCO, our employees work with diverse and talented teams and individuals who strive for excellence while delivering outstanding service to our customers. Our mission is to attract and retain top professionals from a wide range of backgrounds, support them in integrating into VASCO's culture, and help them develop and grow in their careers so that they remain at the cutting edge of security industry best practices.
Reporting to the Chief Information Security Officer, the Information Security and Privacy Compliance Manager will be responsible for ensuring that the company operates in compliance with applicable security and privacy standards and requirements, and will demonstrate that commitment both internally and externally by driving continued compliance efforts. This includes maintaining and reporting on the security controls required by ISO 27001, ISO 27018, SOC 2, HIPAA/HITECH, GLBA, Sarbanes-Oxley, FISMA, FedRAMP and other regulatory requirements and security and privacy compliance frameworks.
More specifically, the Security and Privacy Compliance Manager will be responsible for continuously improving the company's security and privacy compliance posture by leading, and taking an active part in, all information security and data privacy audits, certifications and compliance initiatives. This includes ensuring that the company's products and services, and in particular its SaaS offerings, meet and operate according to the company's security and privacy policies, customer commitments, contractual, legal and regulatory requirements, and the security and privacy frameworks the company has adopted. The Security and Privacy Compliance Manager will ensure that the required administrative, technical and physical controls are identified, documented, implemented, maintained and periodically tested so that they operate effectively and efficiently across the organization.
This position will respond to third-party audit requests, perform information security risk and privacy impact assessments, take part in testing of controls, follow up on vulnerability remediation initiatives and recommend improvements to reduce, contain and mitigate risks. The successful candidate will fill a hands-on global leadership role, leading other company teams by influence in their security and privacy compliance and certification efforts.
- Lead and actively participate in company security and privacy certification and compliance initiatives, including ISO 27001/27018
- Map and document all security and privacy compliance requirements
- Monitor existing controls and conduct periodic audits and reviews to verify that they operate effectively and efficiently, that compliance requirements are met, and to identify and report potential issues
- Develop metrics to report on security and privacy compliance
- Lead the development, timely implementation, monitoring and reporting of corrective action plans required to address security and/or privacy compliance issues, audit deficiencies or observations
- Develop and implement risk management strategies to avoid compliance issues
- Develop and maintain a vendor risk management program
- Collaborate with product management, product owners and project teams on security and privacy impact analyses and definition of security, privacy and compliance requirements relating to our products and services
- Collaborate with product management, product owners and architects in identifying, defining and prioritizing security-, privacy- and compliance-related product and operational improvements
- Advise technical professionals on the implementation of controls to meet security and privacy compliance requirements and best practices
- Actively support the sales process by ensuring prompt response to customer security and privacy compliance-related enquiries
- Discuss security and privacy compliance related issues with management and employees and provide employee training on compliance related topics, policies, or procedures, as required
- Act as liaison with, and provide assistance to, internal and external auditors and customers on compliance reviews and audit initiatives
- Maintain documentation of compliance activities to support audit requests
- Participate in the development, review and implementation of security and privacy-related policies, standards, guidelines and processes throughout the organization
- Keep informed regarding industry changes, trends, and best practices and assess the potential impact of these changes on organizational processes
Requirements: Must-have skills and experience
- Bachelor’s degree in Information Systems, Accounting, Business or related field
- Minimum of 10 years of cumulative hands-on audit, security, privacy and compliance experience
- Professional certifications in the security, privacy, risk management and audit areas highly desirable: CISSP, CRISC, CISM, CISA, CIPP, CIPT, CPA, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, ISO 27005 Risk Manager
- Strong leadership
- Field experience in leading multiple security and/or privacy audits and/or compliance initiatives, preferably in large audit firms
- Experience in regulatory compliance
- Ability to understand and translate business needs and compliance requirements into actionable technical and administrative controls
- Good understanding of security, privacy and compliance domains
- Excellent analytical skills and attention to detail
- Excellent communication & documentation skills
- Strong command of the English language
- Demonstrated initiative
- Ability to plan and deliver on commitment
- Good prioritization skills
- Strong problem-solving and decision-making skills
Additional desired skills and experience
- Experience in implementation of standards and frameworks such as ISO 27002 and NIST 800-53
- Familiarity with FISMA, FedRAMP, Sarbanes-Oxley, HIPAA, PIPEDA, the Cloud Security Alliance STAR program and other security and privacy-related laws, regulations and frameworks