Security and Compliance Manager

Bellevue, Washington, United States


The Security and Compliance Manager is responsible for implementing, maintaining and strengthening K2’s information security programs through strategic planning, governance, risk assessments, and incident reporting. Working with key stakeholders including compliance and internal audit, the Security and Compliance Manager coordinates enterprise-wide security to support requirements relating to confidential information, data security, cybersecurity, physical security, vendor risk, records management, incident readiness and incident recovery management, and corporate information security policy and standards.

What you'll do in this role:

Strategy and Planning

  • Develop, manage and set the company-wide strategy for Information Security, including establishing goals and priorities, leading initiatives, and promoting awareness company-wide
  • Own the Information Security policies and procedures, and maintain/communicate these regularly
  • Coordinate internal/external audits and risk assessments related to security certifications ISO27001 and SOC2 Type 2 Report
  • Set physical security policies and standards
  • Lead the Security Council, a cross-functional team across the organization maintaining Information Security objectives and compliance
  • Ensure global staff remains knowledgeable of emerging information security trends and technologies through regular communications and training efforts
  • Lead incident readiness and incident recovery efforts and consult with senior management
  • Advise senior management of changes in the technical, legal, and regulatory requirements
  • Improve security awareness and instill a security aware culture in the organization
  • Engage with customers to discuss the company’s security controls

Information Security Management

  • Ensure technology compliance with company-wide information security policies
  • Define and report on information security metrics
  • Define and approve architecture, policies, standards, guidelines, and any exceptions
  • Collaborate with architecture and infrastructure teams to define roadmaps and planned work

Operational Excellence

  • Review threat and vulnerability reports and security controls
  • Maintain awareness of IT/Security industry trends and emerging threats
  • Ensure security processes, practices and operations are in place and managed effectively
  • Lead efforts to create security standards and the development of security requirements
  • Collaborate with key internal partners to identify, prioritize and respond to risks
  • Develop security architecture in support of business strategy
  • Review and respond to RFPs / RFIs related to K2 information security
  • Oversee ongoing security monitoring and continuous improvement of information systems
  • Perform risk assessment and gap analyses, and implement recommendations
  • Implement security controls


  • A bachelor’s degree in Computer Science or related field
  • Five or more years of experience in a technology, IT security and/or compliance role
  • Solid familiarity with general enterprise technology architecture
  • Experience in determining, developing, and/or implementing information security controls and policies
  • Proven project management and organizational skills, specifically managing multiple concurrent projects and/or clients
  • Certifications such as CISSP, CISA, or CISM, or the ability to obtain them, are preferred
  • Excellent analytical, problem solving and decision-making skills, applied with a solution-focused attitude
  • Excellent verbal communication skills and experience influencing key stakeholders
  • Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy
  • Have a strong desire to continuously improve
  • Experience with information security frameworks and standards such as ISO27001, ISO27002, SOC2, COBIT, and COSO
  • Experience with data privacy laws including GDPR and CCPA