Information Security Compliance Manager

Imagine a world dedicated to Security without Compromise. Synack, headquartered in Silicon Valley with regional offices around the world, protects leading global organizations by reducing companies’ security risk and increasing their resistance to cyber attack. How do we do this? By utilizing the world’s best and most trusted team of ethical hackers who test through our powerful and controlled platform to deliver real security without compromise.

At Synack, we aren’t afraid to think outside the box or take on big challenges. Backed by top-tier venture capital firms including Kleiner Perkins Caufield & Byers, Microsoft, and Google Ventures, Synack's mission is to leverage global security talent coupled with advanced technology to help enterprises discover security vulnerabilities before they become business problems. Discover the possibilities at Synack!

Synack is seeking an awesome Information Security Compliance Manager with deep expertise in ISO, SOC, CMMC and FedRAMP compliance. You will work closely with the Engineering teams to ensure proper security controls and monitoring are applied. 

Please note that due to federal government contract requirements, we can only hire a citizen of the United States into this role.

Here’s what you'll do

• Develop System Security Plans (SSP), including Security Concept of Operations, Risk Management Matrix, Security Control Traceability Matrix, Security Test Procedures, and Plan of Action and Milestones (POAM)
• Conduct internal information security audits around ISO 27001/2, SOC2, CMMC and FedRAMP security controls
• Communicate regularly with stakeholders on security compliance issues, status of remediation, and assisting in generation of reports and metrics on overall state of the program
• Working with Project Managers and Engineering Leads; Ensuring appropriate information security policies, standards, procedures, and guidelines are being incorporated across services and infrastructure
• Manage and track remediation of identified risks and vulnerabilities and provide appropriate reporting to all interested parties
• Coordinate with the field teams to respond to vendor security assessments

Here's what you'll need

• 8+ years of experience IT Security Strategy, Risk Management, IT Audit and Compliance
• Experience with Enterprise Governance, Risk Management, and Compliance (GRC) tools.
• Experience with event monitoring and alerting tools such as Datadog, Stackdriver, and Splunk
• Working knowledge of security regulations, standards, and frameworks, including but not limited to ISO27000, SOC2, GDPR, and NIST
• Excellent written and verbal communication skills with the ability to accurately communicate security and risk-related information to technical and non-technical audiences

It’s all hands on deck, it’s hard work, it’s winning, it’s Synack. Join us!

Synack is committed to embracing diversity. Our people are our strength.  Each addition to our team is an opportunity to grow and diversify our ideas, experiences, and viewpoints. We strive to be inclusive of Race, Ethnicity, Religion, Sex, LGBTQ+, Veterans, Disabilities, and Age.  Synack welcomes you!