Senior Manager - Information Security and Compliance
About the Role:
The Senior Manager - Information Security and Compliance is responsible for overseeing security assurance programs, reporting on compliance levels, identifying non-compliance issues and security vulnerabilities, and managing remediation activities. An important part of the role is leading the end-to-end process of vulnerability identification, investigation, remediation, verification and continuous process improvement including automation. This mission critical role acts as the central conductor for required technical and project related activities across a matrixed organization. The mission of this position is to build and leverage a Security Assurance program (including vulnerability management) that will proactively reduce cyber risk to the organization.
What you will do:
- Coordinate the implementation of System Security programs across Cloud infrastructure platforms and establish continued vulnerability reporting criteria
- Conduct extensive investigations and analysis of largely undefined factors and conditions to determine the nature and scope of System Security problems and devise effective and efficient solutions
- Responsible for reviewing proposed new systems, networks, and software designs for potential System Security risks and resolving integration issues related to the implementation of new systems with the existing Cloud infrastructure
- Conduct the monitoring of new or emerging information technologies to assist in the identification of most effective approach or methodology to be applied in securing the Cloud infrastructures.
- Advise management or decision makers on System Security shortfalls and areas needing improvement or modification
- Implement higher-level System Security requirements such as those resulting from laws, regulations, or Government directives by developing long-range plans for System Security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated with Cloud infrastructures’ vulnerabilities
- Ensures forensic and malware analytical activities are conducted within the organizations Cloud infrastructure platforms according to internal standards
- Help drive and support internal privacy programs including the EU-US Privacy Shield and Swiss-US Privacy Shield, etc.
- Lead, coordinate and manage internal and external assessments of lead privacy program and processes.
- Support internal privacy processes such as subject access requests, data records of processing activities, and privacy impact assessments.
- Support the development and maintain privacy documentation such as privacy notices and policies.
- Collaborate with business owners to prioritize projects and solutions to reduce privacy risk and improve compliance.
- Support the review of new product features and designs and provide guidance on requirements impacting App Annie privacy compliance framework.
- Support accurately and effectively App Annie’s privacy program to customers.
- Educate and train process owners about privacy and data protection.
What will you bring to the team:
- Minimum of 5+ years of experience in determining the appropriate System Security products or services with stakeholder Government customers to define a project scope, requirements and deliverables
- Minimum of 5+ years of experience in providing high level technical advice and counsel to top management and other key officials on matters relating to new or modified IT policies and programs that affect or relate to current and existing System Security functions and programs
- Minimum of 3+ years' experience ensuring the confidentiality, availability and integrity of IT systems through full compliance with the Federal Information Security Management Act and IT security policies and standards of various Government customers (i.e. Civil, DoD, USIC)
- Minimum of 3+ years' experience architecting information systems for accreditation under ICD 503, NIST SP 800-53 controls
- BS level technical degree required; Computer Science or Math background preferred
- This position requires that the candidate selected be a U.S. citizen and must currently possess and maintain an active TS/SCI security clearance with polygraph.
What additional experience you might bring with you:
- 5+ years of experience in Privacy, Data Protection, Privacy Engineering, and/or Information Security Compliance.
- Experience with regional privacy requirements throughout Asia, Europe, and the US and negotiating data protection agreements with customers and vendors.
- Expertise with topics such as EU-US and Swiss-US Privacy Shield, GDPR, data controllers, and data processors.
- Familiarity with security and privacy standards such as SOC, ISO 27001, ISO 27018, EU-US Privacy Shield and Swiss-US Privacy Shield, etc.
- Demonstrated experience in developing and managing a privacy compliance program that balances risk and the needs of the business.
- Experience with Software-as-a-Service or cloud service providers industry challenges.
- Excellent interpersonal, verbal, and written communication skills with the ability to communicate privacy concepts to a broad range of technical and non-technical staff.
- Demonstrated success working with internal audit, external auditors, outside consultants, and legal counsel.
- Equally comfortable working with other members of the team, as well as independently.
- Strong technical foundation to be able to develop App Annie privacy program best practices based on compliance requirements and App Annie systems and processes.
- Ability to manage multiple projects and deliver quality work to deadlines
- CIPP, CIPM, CIPT, CISSP, or other related certifications
- Experience in making recommendations for resolving System Security problems and requirements for multiple platforms that utilize a common Cloud infrastructure that Government customers leverage as an enterprise compute environment
- Delivery - Engagements that include projects proving the use of AWS cloud services to support new secure computing solutions that often span the Governments customers’ enterprise infrastructure. Engagements will include the secure migration of existing applications and development of new applications using AWS cloud services
- Experience in application security architecture, security code reviews, security testing, incident response, or security infrastructure
- Experience working with Risk Management Framework (RMF) and Security Controls Traceability Matrix (SCTM)
- Experience with Amazon Web Services
- Developing and interpreting policies, procedures, and strategies governing the planning and delivery of System Security services throughout an enterprise Cloud infrastructure;
- Providing technical advice, guidance, and recommendations to high level management officials and technical staff on critical System Security issues
- Applying knowledge of IT project management principles, methods, and practices to develop plans and schedules, estimate resource requirements, define milestones and deliverables, monitor activities, and evaluate and report on accomplishments
- Demonstrated experience administering Linux and Windows operating systems in accordance with applicable security controls
Why choose App Annie?
App Annie is the industry's most trusted mobile data and analytics platform. App Annie's mission to help customers create winning mobile experiences and achieve excellence. The company created the mobile app data market and is committed to delivering the industry’s most complete mobile performance offering. More than 1,100 enterprise clients and 1 million registered users across the globe and spanning all industries rely on App Annie as the standard to revolutionize their mobile business. The company is headquartered in San Francisco with 12 offices worldwide.What do we offer:
- Lots of responsibility + room for you to experiment and grow with the company.
- An international team of super-talented people from different cultural backgrounds (Beijing, San Francisco, Utrecht and more) and therefore lots of international travel opportunities.
- 16 days of paid leave, so long as you promise to come back!
- Competitive salary & stock options.
- Extended health and dental benefits.