Security Compliance Manager: Job Description, Salary, Career Path, and Trends

The security compliance manager’s role is to ensure that an organization’s computer systems and networks are secure and in compliance with government and industry regulations. They work with senior management to develop and implement security policies, train staff on security procedures, and respond to security incidents.

Someone in this role needs to keep up with the latest news and trends in cybersecurity and be on top of all available security tools. They must also educate their organization about information security risks and share best practices for reducing those risks.

Sample job description #1

As an Enterprise Security Compliance Manager, you will be responsible for managing the firm’s security compliance activities focused on third-party vendors. You will be responsible for leading efforts that include collecting and organizing written responses and documentation, leading calls and meetings to gather information from vendors, and ensuring that all follow-up communications and remediation items are completed on time. You will be responsible for scheduling and coordinating vulnerability assessments, penetration tests, and associated remediation activities. You will be a member of the Global Security and Risk Management team and will report directly to the Information Security Officer and work closely with the rest of the Security Team, while accomplishing these and other critical functions:

  • Managing the firm’s vendor audit process, including cloud service providers, engaging in a risk-based approach to determine the depth of each audit, leading the audit, and providing recommendations to management based on the results
  • Organizing and conducting meetings of the firm’s cloud security review team, coordinating the assessment of vendors, and leveraging team members’ expertise in the vendor review process
  • Arranging third-party penetration tests and vulnerability testing by identifying and negotiating with vendors, scheduling testing, and following up on results delivery
  • Reviewing firm contracts as part of the firm’s contract review process; assessing and recommending adjustments that serve to minimize security risk in firm agreements
  • Supporting the client’s security review process on an overflow basis from intake through closure by identifying all necessary internal stakeholders based on the request (e.g., security survey, audit, review), assembling relevant and appropriate documentation, drafting responses, scheduling and leading calls/meetings, and communicating follow-up activities
  • Coordinating with the information security officer, evaluating the results of internal & external system vulnerability scans, and arranging necessary internal follow-up to facilitate agreement regarding any recommended remediation items
  • Tracking agreed security remediation efforts from vulnerability tests with the support of the information security officer and others, and ensuring successful disposition of each item
  • Working to enhance the confidentiality, integrity, and availability of data at the firm, regardless of form
  • Maintaining information security documentation and assisting in the development of security policies and procedures
  • Serving as a subject matter expert for information security principles and practices (especially as they pertain to vendors and cloud security), and promoting a culture of security throughout the firm
  • Liaising with other teams and subject matter experts on various technologies, status, and testing
  • Working with the technology department management team to identify key metrics and reporting requirements as they relate to technology performance and operation
  • Creating and presenting regular reports to senior technology management
  • Documenting security information appropriate to team initiatives
  • Interfacing with staff throughout the firm to facilitate the efficient and secure use of technology services
  • Preparing technical documentation and reports as required

As an Enterprise Security Compliance Manager, you will be expected to apply your organizational and communication skills while displaying a positive, high-energy attitude. The successful Manager must have strong analytical skills, including effectively defining problems and identifying solutions, a technical understanding of encryption and cloud security controls to allow evaluation of vendors’ security posture, along with well-developed professional interpersonal skills. The ideal manager must display the ability to interact effectively with clients, vendors, and colleagues at all organizational levels.

  • A Bachelor’s degree, a Diploma of higher education, or sufficient security and technology experience is required
  • A Bachelor’s degree in Information Systems, Computer Science, Engineering, or a related field is desired
  • A recognized security certification is desired
  • A minimum of five (5) years of experience focused on information security is required
  • A minimum of ten (10) years of experience working in information technology is required
  • A minimum of two (2) years of experience applying project management concepts is required
  • Experience working in a law practice office environment is desired

Sample job description #2

ABC Company is looking for a Security Compliance Manager with a deep security and compliance background to lead a system development and process improvement team. As part of the ABC Company Security Assurance team, this candidate is a key liaison with ABC Company service teams, infrastructure teams, ABC Company Security, and other areas across the company.

As a Security Compliance Manager within the Security Assurance Compliance Operations team, you will oversee the execution of our program for evaluating compliance with industry standards (ISO, SOC), federal regulations (FedRAMP/NIST, DOD) and customer contractual requirements. You will have complete ownership and accountability of programs from start to finish, aimed at improving the ABC Company personnel screening compliance and risk monitoring. The successful candidate is comfortable interacting with both technology and business leaders across the organization at all levels. You will drive consensus among stakeholders and verify that controls are effective, or remediated to become effective. We value personality, insight, intellectual flexibility, and sound business judgment.

Your responsibilities will include the following

  • Improvement and/or development of new screening compliance programs
  • Manage underlying programs, coordinate stakeholder management and senior leadership program update communications
  • Assist in the development and tracking of Compliance Operations metrics, such as the number of open exceptions, number of open support requests, and burndown rates for given programs
  • Develop weekly/monthly reports that capture key business trends, highlights, lowlights, and metrics as the compliance programs are conducted. Provide status, recommended updates, and detailed metrics and evidence
  • Assist in evaluating new compliance programs and requirements and help transition ongoing operations of all compliance programs to long-term control owners within the organization
  • Be comfortable influencing change, earning trust with stakeholders, enhancing the customer experience, and driving the completion of the programs you are responsible for
  • Communicate effectively at multiple levels of sensitivity and across multiple audiences

A day in the life

  • On any given day this role will liaise with internal Security teams, audit, HR Screening Services, HR Risk and Compliance, Employee Services, Operations Security, ABC Company Legal, and various Services Teams
  • You will assist our stakeholders with aligning standard operating procedures, controls, monitoring, and reporting with the goal of improving operations, policies, and risk management effectiveness
  • You will ensure the ongoing screening program compliance working with cross-functional teams to meet our audit and contractual requirements

Basic qualifications

  • Bachelor’s degree
  • 5+ years of Security Compliance program monitoring and reporting
  • 5+ years supervising a small team of security or compliance specialists
  • 5+ years of proven knowledge of the program management lifecycle, and skill with project management tools
  • 5+ years of experience in leading multi-organizational initiatives, and driving team accountability to achieve impactful goals
  • 4+ years of experience working in an operations environment, driving improvements resulting in measurable business impact

Preferred qualifications

  • Master’s degree or higher (or in the process of working toward a higher degree)
  • Advanced knowledge of NIST, ISO, SOC and/or related frameworks
  • Advanced Microsoft Excel, SQL, and/or Tableau experience
  • Experience supporting enterprise-wide Security Compliance programs designed to anticipate, assess, and minimize control gaps and audit findings
  • Experience with metrics-based projects and utilizing metrics to gauge risk and success
  • High level of comfort in communicating effectively across internal and external organizations
  • Understanding of the ABC Company service catalog
  • Meets/exceeds ABC Company’s leadership principles requirements for this role
  • Meets/exceeds ABC Company’s functional/technical depth and complexity for this role

Sample job description #3

ABC Company requires a Network Security Policy Management and Network Compliance subject matter expert. The primary responsibility of this position is driving network device compliance, including firewalls, routers, switches, and load balancers. Additionally, this position requires performing assessments of vendor solutions on an as-needed basis. These measures include, but are not limited to, assessing infrastructure devices, awareness training for internal team members, and recommending best practices for the business. Additionally, this SME will be responsible for verifying remediation and providing alternate solutions that comply with policy while achieving the business objectives.

Roles and responsibilities

  • 3+ years of direct working experience with Skybox/AlgoSec solutions, including firewall assurance, network assurance, network modeling, change manager, and vulnerability control
  • Familiar with tools such as Tufin, and FireMon for network security policy management
  • Strong knowledge of Cisco FMC, Palo Alto Panorama, and CheckPoint Management platform
  • Minimum 5+ years of recent experience working in an enterprise environment, networking, and routing
  • Minimum 5+ years of recent experience with firewalls, and next generation firewalls (Cisco ASA, FTD, CheckPoint, Palo Alto, Juniper, etc.)
  • Thorough understanding of CIS, NIST, and STIG standards and guidelines, the ITIL framework, and change management
  • Thorough knowledge of load balancer, IPS, virtual firewalls, software-defined networking, micro segmentation, and web proxy solutions
  • Minimum 5+ years of recent experience in security management practices such as risk management and administrative network access policies
  • Thorough understanding of vulnerability management, penetration testing, and attack simulations
  • Proven ability to write process and procedure documents for the enterprise
  • Good understanding of IT infrastructure and application lifecycle management
  • Ability to reduce risk posture of the environment by conducting regular security gap analysis
  • Ability to support the incident response and architecture review processes whenever security expertise is needed
  • Experience managing challenging situations and the challenges of large organizations

Qualifications

  • Bachelor’s degree in Computer Science, Electronics, or related field
  • Skybox, AlgoSec, CCNA, CCNP, CCIE, and vendor certifications are a plus (Cisco, Juniper, Palo Alto, etc.)
  • Minimum of 12+ years of progressive infrastructure and cyber security experience, preferably within a large global organization. Exposure to any two security areas, such as infrastructure security and network security, is mandatory
  • Knowledge about translating security concepts into language that is meaningful to many audiences, including business and technical leaders, and individual contributors
  • Demonstrated ability to influence decision-making processes at all levels of the Organization
  • Preferably worked for an external client through large corporations that may employ in-house teams
  • Experience reporting metrics about the state of security programs to management
  • Analytical and problem-solving skills, as well as excellent judgment and self-motivation
  • The ideal candidate is a good team player and keen learner, with commitment to the security industry
  • Business acumen, communication skills, and process-oriented thinking
  • Ability to think methodically, attention to detail, and healthy paranoia are vital attributes

Average salary and compensation

The average salary for a security compliance manager is $123,000. Typical benefits include medical, dental, and vision insurance, 401k contribution, life and disability insurance, and paid time off.

Location                        | Salary Low | Salary High
--------------------------------|------------|------------
Phoenix, Arizona                | $122,300   | $165,500
Los Angeles, California         | $138,000   | $186,700
Denver, Colorado                | $115,000   | $155,600
Washington, DC                  | $140,100   | $189,550
Miami, Florida                  | $114,500   | $154,900
Orlando, Florida                | $105,600   | $142,850
Tampa, Florida                  | $106,650   | $144,300
Atlanta, Georgia                | $111,850   | $151,350
Chicago, Illinois               | $128,600   | $174,00
Boston, Massachusetts           | $139,050   | $188,150
Minneapolis-St. Paul, Minnesota | $110,800   | $149,950
New York City, New York         | $146,350   | $198,050
Philadelphia, Pennsylvania      | $119,200   | $161,250
Dallas, Texas                   | $116,050   | $157,000
Houston, Texas                  | $115,000   | $155,600
Seattle, Washington             | $133,800   | $181,050
National Average                | $104,550   | $141,450

Sample interview questions

  • How do you collaborate with the legal department when it comes to incident response?
  • What are common challenges that come along with creating, managing, and communicating compliance programs?
  • Describe a typical day in this position.
  • What types of social engineering attacks do you think might be targeting large companies such as ours?
  • What advice would you give to someone who wants to advance in this field?
  • What do you consider to be your greatest accomplishment as a security compliance manager?
  • What experience do you have with auditing and assessing risk?
  • How do you ensure that our company is compliant with all relevant security standards and regulations?
  • Can you share a project that you spearheaded during your time at your previous employer that was successful?
  • What type of certifications or qualifications do you think will add value to this position?
  • How has the changing security landscape affected this role over the past few years?
  • What is your greatest strength when it comes to implementing and managing a compliance program?
