Manager, Information Security & Compliance
Movable Ink powers meaningful experiences in email and on the web for the biggest brands in the world. Data is at the heart of these experiences, and the security of that data is vital to our business. We are collecting petabytes of data each quarter that must be securely managed throughout its lifecycle.
The Manager, Information Security & Compliance will be a part of the team responsible for planning, implementing and maintaining the firm-wide privacy, security and compliance strategy to protect Movable Ink’s platform. You'll work closely with leaders from around the organization to support a strong security posture aimed especially at protecting our customers' data.
This includes ensuring that information security controls are operating effectively and are incrementally improved. Additionally, the Manager, Information Security & Compliance will lead a subset of privacy, security and compliance-related projects to enhance the Movable Ink platform.
One year from now you will have:
- Managed critical aspects of Movable Ink’s first SOC 2 audit cycle with positive outcomes.
- Improved the efficiency and enforcement of Movable Ink’s privacy and information security policies, standards, procedures and controls.
- Led critical projects designed to enhance Movable Ink’s information security and compliance capabilities.
Responsibilities:
- Contribute to the privacy, security and compliance strategy and planning process.
- Help evaluate the design effectiveness of controls based upon industry best practice models.
- Perform activities to measure and monitor successful implementation of controls.
- Facilitate risk assessments, maturity assessments, and the evaluation of controls and measurements against policies, standards and processes.
- Manage and deliver information security and compliance projects with positive outcomes.
- Compile weekly, monthly, quarterly and annual reporting and metrics covering the current control set.
- Manage critical aspects of the information security and compliance remediation process, especially as it relates to SOC 2 compliance.
- Contribute to clients’ security questionnaire and assessment process.
- Help manage the vendor risk management program for both prospective and existing providers.
Experience:
- Experienced in risk management techniques including control assessments, gap analysis, external or internal audit, risk management concepts and risk assessment methodologies.
- You've helped manage compliance programs such as SOC 2, ISO 27000 series and/or GDPR.
- You've worked as a project manager in highly technical environments, preferably with an extensive cloud-based footprint.
- Experience working with data-driven products and related policies and technical controls, especially in martech or adtech, is a strong plus.
Qualifications:
- Bachelor’s degree
- Minimum 4 years of experience in information security and related compliance programs
- Strong desire to stay at the forefront of security and compliance industry trends and developments
- Program/project management experience and knowledge of best practices
- Experience with large scale cloud-based technical environments preferred
- Experienced with SOC 2, ISO 27000 series and GDPR preferred
- Experience with GRC tools preferred
- Experience in responding to client security assessments and questionnaires
- Experience with vendor risk management
- Experience with security incident response, a plus
- Strong research skills with attention to detail
- Adept at learning new technologies
- Cross-business group collaboration experience
- CISA, CISM, CISSP, ITIL v3 or similar, a plus