Cybersecurity and Global Risk and Compliance Manager

Posted:
10/2/2024, 10:08:06 AM

Location(s):
San Diego, California, United States ⋅ California, United States

Experience Level(s):
Senior

Field(s):
IT & Security

Who We Are

At Platform Science, we’re working to connect everything that moves.

Founded in 2015, we are an open IoT platform that partners with innovative fleets, application developers, vehicle manufacturers, and equipment providers in the transportation industry to deliver revolutionary solutions to supply chain professionals across the globe.

Our employees are an engaging, diverse group of people who believe in the power of great ideas. We hire people with different experiences and perspectives to build a company culture that fuels growth through innovation.

We value thoughtful actions and empathy for others.  We approach challenges with resiliency and creativity, while encouraging transparency because, no matter our backgrounds or responsibilities, we are one team.

About the Role

We are seeking an experienced Cybersecuirty and Compliance Manager to lead and oversee compliance efforts related to SOC2 and ISO standards across our SaaS business. The ideal candidate will be a subject matter expert (SME) in compliance management, cyber security, and privacy regulations, with a focus on ensuring ongoing certification and audit readiness. This role will be key in maintaining our company's leadership in cyber security within the telematics industry and supporting newly acquired teams and technologies.

Essential Responsibilities

  • SOC2 and ISO Compliance Management: Oversee and manage the SOC2 and ISO compliance processes throughout the year, ensuring continuous readiness and maintaining certification status. Committees include but not limited to:
    • 3rd Party Compliance Manager
    • Data Protection Committee lead
    • AI/ML Committee member
    • Cybersecurity Steering Committee member
    • Red Team member
  • Audit Supervision: Serve as the point of contact for SOC2 and ISO audits, working closely with external auditors and internal teams to ensure successful audit completion.
  • Cadence Management: Week-to-week management of key compliance activities and cadence items to maintain and improve compliance posture.
  • Policy Review and Updates: Regularly review, update, and improve security and privacy policies to ensure they align with the latest industry standards and regulatory requirements, including GDPR and US privacy laws.
  • Evidence Collection Automation: Act as the SME in automating and streamlining evidence collection for audits and compliance processes.
  • Acquisition Integration: Lead the onboarding of newly acquired businesses into our SOC2 and ISO compliance framework, ensuring a smooth transition and full integration into existing processes.
  • GDPR and Privacy Compliance: Ensure the business stays compliant with evolving GDPR and US privacy regulations, advising internal stakeholders on necessary changes or improvements.
  • Consulting for IT and Security Teams: Provide SME guidance to IT for the onboarding of newly acquired Windows environments and support the integration of mobile device management for new PC users.
  • Continuous Improvement of Cybersecurity and Privacy Posture: Work with cross functional teams to identify opportunities to improve cybersecurity posture, response and compliance to include tooling, automation, workflows and testing.
  • SOC Point of Contact: POC for external SOC provider, liaison with internal teams, track findings and mitigations; work with internal teams to develop timelines and SLA’s for resolving posture findings.  Provide SME in onboarding of vendor.
  • Acquisition Cyber Workstream: Provide subject matter expertise in merging acquisition employees into our cyber security framework (endpoint, firewall, IAM, etc.)
  • Cybersecurity Leadership: Collaborate with cross-functional teams to ensure best practices in cybersecurity are maintained across all business areas, including acquisitions and newly integrated environments.

Experience

  • Proven experience managing SOC2 and ISO 27001 compliance in a SaaS or technology company.
  • Strong knowledge of GDPR, US privacy laws, and evolving global privacy requirements.
  • Expertise in audit management, including serving as a primary point of contact for external auditors.
  • Experience with evidence collection automation and managing compliance cadence activities.
  • Ability to integrate newly acquired teams and systems into existing security and compliance processes.
  • Experience working with Windows environments and mobile device management for PCs.
  • Strong communication and leadership skills, with the ability to work across departments and with external stakeholders.
  • Preferred Qualifications:
    • Certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Auditor, or equivalent

Platform Science Benefits Highlights

The company offers various benefits to regular, full-time employees including: 

  • Medical, dental, and vision insurance
  • Short-term and long-term disability insurances
  • AD&D and life insurance
  • 401k plan
  • Paid vacation, sick leave and holidays
  • Six weeks of paid parental leave

For more information please see the Benefits Highlights brochure for regular, full-time employees.

In addition, you can access the Benefit Highlights brochure for regular, full-time employees by copying and pasting the link into your browser: https://www.platformscience.com/benefits.

This is an exempt role. Our job titles for each posting may span across more than one job level. The estimated base salary for this role is between $148,384 and $195,000. The range displayed on each job posting reflects the minimum and maximum target range for new hire base salaries across all US locations. Compensation packages are based on many factors unique to each candidate, including but not limited to skill set, work experience, relevant trainings and certifications, business needs, market demands and specific geographical location. The base pay range is subject to change and may be modified in the future. This role may also be eligible for bonus, equity, and benefits.

Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits.

Platform Science collects your personal information to support its business operations, including for human resources, employment, benefits administration, health and safety, and other business-related purposes as well as to be in legal compliance. You can review further details of such collection and use in our Privacy Policy (link for browser: https://www.platformscience.com/privacy-notice).

Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

At this time we only consider candidates in these states: AL, AR, AZ, CA, CO, FL, GA, ID, IL, KY, MA, MD, MI, MN, MO, NC, NH, NV, NY, OH, OK, OR, PA, SC, TN, TX, UT, VA, WA, and WI. In the future we plan to add more states.

Beware job scams! Our recruiters use @platformscience.com emails only. We don’t interview via text/message. We don't ask for software downloads (except Zoom) or sensitive info (like SSN/bank). Suspect fraud? Report it to law enforcement & [email protected].