Security Compliance Manager

Flexport Security team is growing and looking for a highly motivated security compliance specialist to join our team and drive regulatory and certification compliance requirements for our products. You will help to build and manage our security compliance program. You should be a technically experienced and innovative security, risk, compliance, and audit professional who has the ability to understand systems, security, and privacy processes, communicate to customers, and be able to drive innovative process changes through multiple organizations and teams.

Key job responsibilities:
Understand and rationalize compliance requirements for service and device security.
Provide business-specific interpretations and support automation opportunities
Review security controls that are technical in nature, such as access controls, data encryption in transit and at rest, and auditing and logging user activity
Engage with the Business and SMEs to ensure compliance with information security policies
Liaise with auditors, articulate control implementation and impact, and establish considerations for applying security, privacy, and compliance concepts to a technical cloud environment
Maintain control libraries and compliance requirements and guidance materials for various security standards and regulations
Experienced in reporting metrics, timelines, and effective project management skills.
Provides input to privacy, disclosure, and confidentially guidelines.
Assists in the implementation of processes and procedures for compliance reporting and metrics activities.
Researches best practices and innovative approaches to enable assessment and communication of compliance risk and metrics.

Preferred Qualifications:
3-5 years of experience in security or compliance consulting or advisory work in support of a highly technical environment
3-5 years of experience in performing and/or participating in technical assessments in direct support of a major compliance effort (e.g. China information security-related law and regulations, GBT, NIST, SOC1, ISO, or ISO)
3-5 years of experience designing, implementing, and/or running technical GRC solutions
Master’s degree in Information Security, Computer Science, Risk Management, Data security with 5 years of experience, or equivalent Bachelor’s degree with 5 years of experience.
Experience working directly with security engineers, auditors, and development teams
Excellent English is written and verbal communication skills while engaging both technical and non-technical stakeholders