Enterprise Security Compliance Manager - Third Party in Los Angeles, CA at Volt

Date Posted: 6/14/2021

Job Description

As an Enterprise Security Compliance Manager, you will be responsible for managing the firm’s security compliance activities, with a focus on third-party vendors.

You will be responsible for leading efforts that include collecting and organizing written responses and documentation, leading calls and meetings to gather information from vendors, and ensuring that all follow-up communications and remediation items are completed on time.

You will be responsible for scheduling and coordinating vulnerability assessments, penetration tests, and associated remediation activities.

You will be a member of the Global Security and Risk Management team and will report directly to the Information Security Officer and work closely with the rest of the Security Team, while accomplishing these and other critical functions:

  • Managing the firm’s vendor audit process, including cloud service providers, engaging in a risk-based approach to determine the depth of each audit, leading the audit, and providing recommendations to management based on the results
  • Organizing and conducting meetings of the firm’s cloud security review team, coordinating the assessment of vendors, and leveraging team members’ expertise in the vendor review process
  • Arranging third-party penetration tests and vulnerability testing by identifying and negotiating with vendors, scheduling testing, and following up on results delivery
  • Reviewing firm contracts as part of the firm’s contract review process; assessing and recommending adjustments that serve to minimize security risk in firm agreements
  • Supporting the client’s security review process on an overflow basis from intake through closure by identifying all necessary internal stakeholders based on the request (e.g., security survey, audit, review), assembling relevant and appropriate documentation, drafting responses, scheduling and leading calls/meetings, and communicating follow-up activities
  • Coordinating with the information security officer, evaluating the results of internal & external system vulnerability scans, and arranging necessary internal follow-up to facilitate agreement regarding any recommended remediation items
  • Tracking agreed security remediation efforts from vulnerability tests with the support of the information security officer and others, and ensuring successful disposition of each item
  • Working to enhance the confidentiality, integrity, and availability of data at the firm, regardless of form
  • Maintaining information security documentation and assisting in the development of security policies and procedures
  • Serving as a subject matter expert for information security principles and practices (especially as they pertain to vendors and cloud security), and promoting a culture of security throughout the firm
  • Liaising with other teams and subject matter experts on various technologies, status, and testing
  • Working with the technology department management team to identify key metrics and reporting requirements as they relate to technology performance and operation
  • Creating and presenting regular reports to senior technology management
  • Documenting security information appropriate to team initiatives
  • Interfacing with staff throughout the firm to facilitate the efficient and secure use of technology services
  • Preparing technical documentation and reports as required

What you have:

  • The successful Manager must have strong analytical skills, including effectively defining problems and identifying solutions, a technical understanding of encryption and cloud security controls to allow evaluation of vendors’ security posture, along with well-developed professional interpersonal skills.
  • The ideal manager must display the ability to interact effectively with clients, vendors, and colleagues at all organizational levels.
  • A Bachelor’s degree, a Diploma of higher education, or sufficient security and technology experience is required. A Bachelor’s degree in Information Systems, Computer Science, Engineering, or a related field is desired.
  • A recognized security certification is desired.
  • A minimum of 5 years of experience focused on information security is required.
  • A minimum of 10 years of experience working in information technology is required.
  • A minimum of 2 years of experience applying project management concepts is required.

Volt is an equal opportunity employer.