We are looking to add an enthusiastic, passionate Security and Compliance Manager to our security and compliance team. If you have experience with SaaS software companies and security audits, let’s chat.
This is an amazing opportunity to join a fast-growing restaurant software company, with some of the largest restaurant chains in the U.S. as customers. Backed by top venture capital firms, SynergySuite has expanded over the last 3 years across Europe and the U.S. For the right candidate, this is an opportunity to join a rapidly expanding technology team with strong potential to grow your career. We are currently building out our teams in Lehi, Utah; Podgorica, Montenegro; and Dublin, Ireland.
What you’ll be doing:
- Establish and maintain up-to-date, easy-to-understand, referenceable, and usable information security and privacy policies and plans that comply with our applicable frameworks and regulations (e.g., SOC2, ISO 270001, NIST, OWASP, GDPR). Establish and maintain an inventory of all procedures that support these policies and plans.
- Facilitate the external SOC2 and ISO 27001 audits leading to predictable and favorable outcomes.
- Operate the controls necessary for ongoing external audits.
- Provide evidence artifact requests to assessors in a timely manner.
- Assist in the policy lifecycle by monitoring changes to the standards and regulatory landscape as it pertains to the organization.
- Consult relevant regulatory, information sources and resources, and technical documents, to obtain background information and verify pertinent guidelines and regulations governing technical documentation deliverables are applied.
- Execute the annual risk assessment and keep the risk treatment plan up-to-date and actionable, with owners, plans, and decisions on risk treatment items.
- Maintain our Business Continuity Plan, with supporting documentation (BIA, critical processes, plans, etc.), to include disaster recovery, pandemic, crisis, evacuation, and other plans.
- Maintain professional and technical knowledge by attending educational workshops, reviewing professional publications, establishing personal networks, benchmarking state-of-the-art practices, and participating in professional societies.
- Continuously promote security awareness and look for ways to block security threats when identified.
- Direct, hands-on experience facilitating IT Security Audits (SOC2 & ISO)
- Project management experience
- 3 or more years of experience in the compliance governance, risk or cyber security field
- Knowledge of published security standards (NIST, OWASP, ISO, California Consumer Privacy Act)
- Security and compliance certifications preferred
- Experience delivering documentation to both technical and non-technical audiences
- Must be able to effectively communicate with varied company stakeholders utilizing excellent verbal and written communication skills
- Ability to establish credibility and working relationships with a wide range of corporate personnel, including operations, management, executive and legal staff as well as external personnel, including auditors and custom