Information Security Governance and Compliance Manager

The Role:

As the Information Security Governance Risk and Compliance Manager, you will be responsible for managing internal and external audits, managing a vendor due diligence program, responding to security questionnaires, managing a security risk management program, and developing and maintaining security policies, procedures, and guidelines.

 

You will:

• Lead and maintain all certification efforts (including SOC2, ISO, CIS Standards, HIPAA, and GDPR).

• Work with Legal and Data Privacy to ensure that Akvelon meets data privacy and security requirements.

• Conduct internal security audits, risk assessments, and business impact assessments.

• Assist the business in responding to RFPs and security questionnaires; maintain a library of security and compliance RFP responses.

• Work with business leaders to ensure information security risk findings are reviewed and solutions are implemented.

• Be responsible for developing and maintaining security policies, procedures, and guidelines.

• Assess the security qualifications of current and potential vendors.

• Liaise with relevant parties to commission activities related to contingency planning, business continuity management, and IT disaster recovery.

 

Requirements:

• Knowledge of industry security and privacy standards (including ISO 27001, SOC 2, GDPR, and HIPAA).

• Knowledge of risk management processes in compliance and security contexts.

• Previous experience managing internal and external audits.

• Proven track record and experience in developing information security policies and procedures.

• Experience coordinating tasks to complete third-party assessments and questionnaires.

• General understanding of technical skills and competencies.

 

What success looks like:

• You update and mature the program for developing and maintaining security policies, procedures, and guidelines.

• You manage internal and external audits to meet security and privacy standards (ISO, SOC2, GDPR, HIPAA, etc.).

• You will validate and test the business continuity and disaster recovery plans with system owners.

• You will update and mature the risk management program.

• You are known for always being responsive and following through, especially with customers, when responding to customer RFPs and security questionnaires.

 

Working conditions and benefits

🔸Flexible working schedule: 8 hours per day, 40 hours per week. It additionally depends on the project's operational hours. Work on weekends or overtime is only upon the customer's request and is paid in addition.

🔸High-trust environment: no screen time trackers and flexible working hours.

🔸Paid vacation, sick leave

🔸Official state holidays

🔸Professional growth while working on challenging projects, and the possibility to switch your role and master new technologies and skills with company support

🔸Personal Career Development Plan (CDP)

🔸Employee support program (Discount, Care, Heals, Legal compensation)

🔸Paid external training, conferences, and professional certification that meets the company’s business goals

🔸Internal workshops & seminars

🔸Corporate library (Paper/E-books) and internal English classes

Required skills experience

Compliance, Cyber Security, Security Manager, IT security

The job ad is no longer active
Job unpublished on 26 September 2022
