Information Security Manager - Compliance

South Jordan, Utah, United States | Full-time

Banjo is looking to add an Information Security Compliance Manager to join our team in South Jordan, UT!

Banjo is looking for an Information Security Compliance Manager with strong people management experience as well as demonstrated expertise with ISO 27001, NIST, FedRAMP, CJIS, Privacy Frameworks such as GDPR, and other regulations or Compliance Frameworks. This role will manage all Security Compliance activities for Banjo and will work across the organization's different functions (Engineers, DevOps, Security, Product, IT, People Ops, Legal groups, etc.) to ensure requirements are understood and controls are implemented correctly. This position will also play a crucial role in engaging with external parties, including auditors, partners, and vendors.

Most companies have a mission statement. Banjo has a mission — to save lives and reduce human suffering by ethically using A.I. to get everyone live, validated information, so they can make better decisions, faster.

Banjo is the world’s first Live-Time Intelligence platform that gives decision-makers the ability to KNOW INFORMATION NOW, to understand what is happening live, anywhere.

 

RESPONSIBILITIES

  • Manage all internal and external security compliance engagement activities.
  • You will build and manage the programs supporting our existing compliance control activities and initiatives.
  • Grow the Compliance team to match the company’s needs.
  • Implement and mature a Unified Control Framework supporting ISO 27001, NIST, CJIS, GDPR, SOC2, FedRAMP together with supporting policies and standards.
  • Work very closely with many cross-functional teams to communicate and integrate control requirements (People Ops, Finance, Legal, etc.).
  • Manage a team that will engage directly with Product Engineering through all phases of product design, implementation and ongoing maintenance of security compliance activities.
  • Manage and communicate compliance requirements, timelines, and roadmap to supporting teams and leadership.
  • Drive project activities to ensure requirements and schedules are met.
  • Identify and manage risks and work with project teams to identify appropriate solutions.
  • Manage, track and report compliance-related remediation to project teams and management.
  • Develop metrics and reporting to demonstrate compliance status and engagement.
  • Communicate the compliance posture and effectiveness to management on a scheduled basis.
  • Provide ongoing guidance and consultation to the organization to promote a progressive and sustainable Security Compliance Engagement Program.
  • Develop and work with supporting teams to design and implement an automated control strategy and exception reporting process.
  • Develop a strategy to implement and maintain a centralized audit evidence repository to support all security compliance evidence gathering and maintenance activities.
  • Integrate ongoing changes to laws, regulations, and frameworks as required into daily activities.

 

QUALIFICATIONS

  • 7-9 years working experience within Data Security & Compliance.
  • 5 years of Data Compliance Management experience that includes managing people (direct people management).
  • BS or MS in Computer Science or related field.
  • Expert understanding of ISO 27001, SOC, NIST, and GDPR regulations and frameworks. CJIS and FedRAMP would be a plus.
  • Expert understanding of cloud controls and environments.
  • Strong understanding of common compliance frameworks and industry standards such as NIST, COBIT, COSO and ISO 27K.
  • A strong foundation in IT solutions development and deployment.
  • Practical understanding of IT security compliance, risk management and information security principles including access control, network security, information security architecture, information security operations, and leading practices and associated tools in a cloud environment (AWS).
  • Strong analytical, diagnostic, critical thinking and project management skills.
  • Excellent problem-solving, negotiation and decision-making skills.
  • Excellent written and oral communication skills.
  • Strong engagement skills (internal and external).
  • Ability to represent data in graphical form.
  • Demonstrated experience managing compliance activities as part of a company (not solely in a consulting capacity).
  • Experience implementing a common/unified control framework.
  • Demonstrated experience managing and working with auditors.
  • Demonstrated experience managing and working with internal cross-functional teams and product engineering groups.
  • Demonstrated experience communicating and reporting to senior leadership.

 

PERSONAL ATTRIBUTES OF THE SUCCESSFUL CANDIDATE

  • Excellent interpersonal skills with a high degree of empathy and emotional intelligence.
  • Articulate individual, possessing solid verbal and written communication skills.
  • Proven success delivering results individually and as part of a team in a fast-paced, demanding, high growth environment.
  • Continuous improvement mentality with an ability to evaluate processes, seek out and implement internal or external best practices.
  • A ‘can-do’ attitude.
  • A great collaborator who is highly effective in a team-based environment.
  • Creative problem solver with a demonstrated ability to ‘think outside the box’ when confronting challenges.
  • Effective time management, organization and prioritizing skills; ability to manage and prioritize multiple deliverables and to meet deadlines.
  • High attention to detail, able to complete tasks quickly.
  • Possesses an innate sense of urgency to deliver for the business while also effectively working collaboratively as part of a team.

 

WORK ENVIRONMENT

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions. The term "qualified individual with a disability" means an individual with a disability who, with or without reasonable accommodation, can perform the essential functions of the position. While performing the duties of this job, the employee is regularly required to communicate professionally in person, over the telephone, through email and other electronic means, move about the office, handle various types of media and equipment, and visually or otherwise identify, observe and assess. The employee is occasionally required to lift up to 10 pounds and is required to travel unless otherwise specified in the job description.

 

NOTICE

At Banjo, we value inclusion and embrace diversity. Banjo is an equal opportunity employer and makes employment decisions on the basis of merit. Banjo prohibits discrimination based on race, color, religion, sex, sexual identity, gender identity, marital status, veteran status, nationality, citizenship, age, disability, medical condition, pregnancy, or any other unlawful consideration. All your information will be kept confidential according to EEO guidelines.

The intent of this job description is to provide a representative summary and level of the types of duties and responsibilities that will be required of positions given this title and shall not be construed as a declaration of the total of the specific duties and responsibilities of any particular position. Employees may be directed to perform job-related tasks other than those specifically presented in this description. Candidates must pass a background check and drug test.