IT Compliance & Risk Manager
MuleSoft, Buenos Aires
Connecting the world's applications, data, and devices
About the Position:
MuleSoft's Governance, Risk, and Compliance (GRC) team is looking for individuals to help us build our GRC program. The role will be instrumental in the design, build, maintenance, and management of key initiatives including ISO 27001, SOC 1/2, PCI, HIPAA, and other obligations. Our team is expanding in the main MuleSoft offices in San Francisco and Buenos Aires. GRC's mission is to support our sales teams and cater to our customers' needs in an ever-changing compliance landscape.
The Compliance Manager will be an integral part of the team responsible for scaling our global compliance program. This person will start as an Individual Contributor and must demonstrate the ability to quickly ramp up on security requirements, handle vendor questionnaires and requests, and audit/assess key vendors, and must have experience working in a high-demand compliance role.
This position will help guide many other large and complex projects, and will work closely with partner teams in Security, Operations, Engineering and Product Management. The candidate must be able to capture and articulate technical regulatory requirements in a manner that brings clarity and eliminates confusion. The successful candidate has a communicative and collaborative approach to management with a strong grasp of the English language. They know how to assess cost and risk, and they are adept at guiding individual teams in striking a healthy balance between their needs and the needs of the larger program. This role requires a mix of business and technical acumen, the ability to inspire and influence decisions pertaining to regulatory standards, and a polished ability to communicate with key stakeholders.
Responsibilities:
- Manage, analyze, and complete a high volume of prospect and customer requests for information or questionnaires and lead customer-driven security evaluations
- Advise on Information Technology General Controls (ITGCs) processes and procedures.
- Manage, analyze, assess and recommend security controls for various compliance programs
- Perform compliance management and oversight of Scrum teams for implementing Compliance specific security controls
- Work with auditors, applications, infrastructure and other teams to achieve and maintain certifications and ongoing compliance
- Take on multiple in-flight compliance programs, including HIPAA, IRAP, PCI, and GDPR efforts and others as they come online
- Manage and lead company-wide training on compliance programs
- Perform relationship management and leadership of cross-cutting security development projects
- Develop and guide evidence creation, validation, and assessment workflows
- Strong verbal, presentation and written communication skills with the ability to appropriately communicate with the intended audience
- Proven track record of handling multiple projects simultaneously.
- Participate in the development and oversight of required corrective action plans relating to security compliance issues.
- Support business relationships with the internal and external security auditors and regulators.
- Support the communication of policies, procedures, and plans to internal stakeholders regarding security and compliance best practices around applicable laws, regulations and controls.
- Partner with internal teams to ensure successful security programs that align with compliance requirements.
Requirements:
- 3-7 years of experience in a technical compliance role around information security
- Strong command of English both written and verbal
- Experienced in running large-scale, cross-cutting projects requiring parallel efforts from multiple teams.
- Skilled at seeing dependencies, blockers, must-haves and showstoppers before others do, with detailed project planning that accounts for them.
- Ability to balance security priorities with compliance needs.
- Strong and proven project management skills required.
- Experience with developing security and compliance reporting.
- Experience in Agile, Lean and/or Scrum methodologies; not afraid to try and develop new processes or methods
- Demonstrated successful leadership skills with the ability to work effectively across various levels.
- Clear experience and working knowledge of documentation management and GRC tools is a plus.
- Exemplary track record of implementing innovative risk countermeasures and security controls specific to PCI-DSS, SSAE-16/18 or ISO 27001.
- Self-directed and well organized; must be able to work with minimal supervision and meet deadlines across multiple projects
- Experience in articulating security posture in a structured form, e.g. via RFP/RFI responses or questionnaires, preferred
- Certifications in one or more of the following areas preferred: CISSP, CISA, CISM, GCIH, CIPP, CCSK
Over a decade ago, founder Ross Mason created a short string of text that pioneered a simple, powerful idea: why crank out custom code over and over when it's faster and more efficient to assemble the right components? Today, over 175,000 developers and leading companies in almost every industry depend on our game-changing platform.