Privacy and Security Manager
We are seeking a highly skilled and experienced Privacy and Security Manager to join our team. In this role, you will be responsible for developing, implementing, and maintaining our organization's privacy and security. You will play a crucial role in safeguarding our company's sensitive information and ensuring compliance with relevant laws and regulations. The ideal candidate will possess a deep understanding of privacy and security best practices, strong analytical skills, and the ability to communicate effectively with stakeholders at all levels of the organization.
What You’ll Do
Develop and Implement Privacy and Security Policies: Design, implement, and enforce policies and procedures to protect the confidentiality, integrity, and availability of sensitive information, ensuring alignment with compliance requirements.
Risk Assessment and Management: Conduct regular risk assessments to identify potential vulnerabilities and threats to the organization's privacy and security. Develop strategies to mitigate risks and respond to security incidents in compliance with regulatory requirements.
Compliance Management: Stay up-to-date with relevant privacy and security laws, regulations, and industry standards. Ensure compliance with requirements such as PCI, GDPR, CCPA/CPRA, HIPAA, and others applicable to our organization. Develop and maintain a compliance roadmap and ensure adherence to it.
Security Awareness Training: Develop and deliver privacy and security awareness training programs for employees to promote a culture of security consciousness throughout the organization.
Vendor Management: Evaluate and manage third-party vendors and service providers to ensure they meet our privacy and security standards. Conduct due diligence assessments and monitor vendor compliance.
Incident Response: Partner with the VP and manager of Information Security on the response to privacy and security incidents, including investigating breaches, coordinating with relevant stakeholders, and implementing corrective actions to prevent future incidents, ensuring compliance with regulatory reporting requirements.
Privacy Impact Assessments (PIAs): Conduct PIAs for new projects, systems, or processes to assess and mitigate privacy risks. Work closely with cross-functional teams to integrate privacy considerations into project planning and development.
Data Governance: Develop and maintain data governance frameworks, including data classification, retention policies, and data access controls, to ensure the appropriate handling of sensitive information in compliance with applicable regulations.
Security Audits and Assessments: Coordinate and participate in internal and external security audits and assessments. Collaborate with auditors and assessors to address findings and implement remediation measures to maintain compliance.
Qualifications:
Bachelor's degree in Information Security, Computer Science, or related field. Advanced degree or relevant certifications (e.g., CISSP, CIPP) preferred.
Minimum of 3 years of experience in privacy and security adjacent roles, preferably in the financial industry with SaaS exposure.
Understanding of privacy and security principles, standards, and best practices.
Proficiency in conducting risk assessments, developing policies and procedures, and managing compliance efforts.
Excellent communication and interpersonal skills, with the ability to effectively engage with stakeholders at all levels of the organization.
Strong analytical and problem-solving abilities, with a keen attention to detail.
Experience with security technologies and tools, such as SIEM, DLP, encryption, and access controls.
Ability to work independently and collaboratively in a fast-paced environment, with a commitment to continuous learning and improvement.
Additional Information:
The base pay range for this position is between $$115,000-$135,000 USD annually. The salary range for performing this role outside of the US / Austin / California may differ. AffiniPay is committed to offering competitive, fair and commensurate compensation and has provided an estimated pay range for this role. Actual compensation may vary based on job-related knowledge, skills, experience and education.
