- South Jordan, UT
The Compliance Manager will work with teams all across the business and is responsible for ensuring security controls are in place for established policies, procedures, frameworks, and regulations. This role collects data, tests audit evidence, processes, and documents associated procedures according to Pluralsight’s Information Security Management System. This role interacts frequently with other business units and requires attention to detail and project deadlines. The Compliance Manager should have a strong background in information technology with a clear understanding of the challenges of information security.
This position reports through the Information Security and Privacy Team. The Compliance Manager serves as a compliance expert for enterprise systems and Governance, Risk Management and Compliance (GRC) and is a subject matter expert on information security risk analysis and compliance matters.
Who you are:
- You enjoy technology, creative problem solving, and working with diverse and intelligent people
- A self-starter. You like to understand the expected outcome, get the context, and then work entrepreneurially to get it done
- A critical thinker. You proactively consider the tradeoffs between risk tolerance and common sense
- An amazing communicator and effective influencer. You earn trust and people follow you.
- A lifelong learner. You are curious by nature and are constantly learning on the go and discovering better ways of doing things. You’re passionate about understanding how others build services, sharing that knowledge, and helping adapt our evolving best-practices.
- A partner with leaders across the business
- Highly self-motivated and directed
- Ability to work on cross-functional project teams
- A strong operations mindset involving time sensitive directives and ability to self-manage workflow across competing priorities
- Interest in learning and taking on increasingly complex tasks
- Exhibits keen attention to details
- Is proficient at time management and prioritization of deadlines
- Learn from and take accountability for your mistakes.
- Embrace the challenges and rewards of change.
- Treat everyone as a colleague, regardless of position or title.
What you’ll own:
- Monitor, report, and routinely audit compliance with all information security procedures and policies, and ensure consistency of internal controls across departments.
- The planning and execution of quarterly and annual review of policies and procedures and the reporting to all levels of management, internal and external auditors
- Work with Information Security Engineering and Operations Team to build automated audit/data analytic procedures and metrics
- Work with Information Security & Privacy Team in the development of programs and processes to manage compliance risk.
- Develop process improvements to reduce risk.
- Assist in developing, initiating, maintaining and revising internal policies, procedures and practices to prevent, detect and respond appropriately to potentially non-compliant practices
- Manage internal/external audits and help draft audit findings responses and corrective action plans
- Maintain and update Compliance training materials
- Collect, organize and analyze compliance and quality improvement data
- Assist with the validation and integrity of data reports
- Develops security and privacy governance, risk management, and compliance programs
- Researches, evaluates, and recommends enterprise GRC software solution(s)
- Review existing compliance controls for regulatory updates and perform gap analysis
- Create and maintain various assessment and compliance schedules
- Provide superior client service by delivering clear, concise, and practical guidance and excellent written work product
- Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; benchmarking state-of-the-art practices; participating in professional societies.
- Research and stay abreast of all local and national laws and regulations as they relate to record retention and information security requirements
- Leverage information security technologies as necessary to identify and remediate risk posed to the environment.
- Monitor security process compliance of internal and third party users
- Provides project updates to the Head of Information Security & Privacy and during monthly project status meetings
- Occasionally attend compliance-related seminars to stay abreast of the compliance industry
- Performs special duties as assigned
Experience you’ll need:
- 5+ years of experience in leading IT compliance or security risk assessments or audits
- Relevant Certifications: GRCP, CGRC, CIA, CISA, CIPP/US, CIPP/E, CIPM, and/or CIPT
- Knowledge related to ISO 27001/2, PCI DSS, SOX, NIST, and GDPR compliance
- Bachelor's degree in a relevant field
- Familiarity with GRC concepts and tools
- An ability to work in a fast-paced and dynamic environment with a drive to deliver outstanding results
- Ability to negotiate with other teams without inhibiting productivity
- Ability to work individually and within a team
- Build understanding and awareness of security issues throughout the organization; must have excellent communication and presentation skills.
- Ensure complete issue tracking, provide feedback, and report results as accomplished.
- Proven ability to work under broad policy guidance
- Proven analytical and problem solving skills
- Knowledge of Project Management
- Good written and oral communication skills
Working at Pluralsight
Founded in 2004 and trusted by Fortune 500 companies, Pluralsight is the technology skills platform organizations and individuals in 150+ countries count on to create progress for the world.
Our platform helps technologists master their craft and take control of their careers. We empower businesses everywhere to build adaptable teams, speed up release cycles and become scalable, reliable and secure. We come to work everyday knowing we’re helping our customers build the skills that power innovation.
And we don’t let fear, egos or drama distract us from our mission. Our mission to democratize technology skills is what drives us and our values are at the helm of how we work together. It’s our commitment to practicing them day in, day out that enables our performance. We’re adults, and we treat each other that way. We have the autonomy to do our jobs, transparency to eliminate office politics and trust each other to do the right thing. We thrive in an environment with creativity around every corner, challenges that keep us on our toes, and peers who inspire us to be the best we can be. We bring different viewpoints, backgrounds and experiences, and united by our mission, we are one.
Bring yourself. Pluralsight is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age or veteran status.
All your information will be kept confidential according to EEO guidelines.