Security Compliance Manager Job Description, Salary, Career Path, and Trends
The security compliance manager’s role is to ensure that an organization’s computer systems and networks are secure and in compliance with government and industry regulations. They work with senior management to develop and implement security policies, train staff on security procedures, and respond to security incidents.
Someone in this role needs to keep up with the latest news and trends in cybersecurity and be on top of all available security tools. They must also educate their organization about information security risks and share best practices for reducing those risks.
Sample job description #1
As an Enterprise Security Compliance Manager, you will be responsible for managing the firm’s security compliance activities as focused on third-party vendors. You will be responsible for leading efforts that include collecting and organizing written responses and documentation, leading calls and meetings to gather information from vendors, and ensuring that all follow-up communications and remediation items are completed on time. You will be responsible for scheduling and coordinating vulnerability assessments, penetration tests, and associated remediation activities. You will be a member of the Global Security and Risk Management team and will report directly to the Information Security Officer and work closely with the rest of the Security Team, while accomplishing these and other critical functions:
Managing the firm’s vendor audit process, including cloud service providers; engaging in a risk-based approach to determine the depth of each audit, leading the audit, and providing recommendations to management based on the results
Organizing and conducting meetings of the firm’s cloud security review team, coordinating the assessment of vendors, and leveraging team members’ expertise in the vendor review process
Arranging third-party penetration tests and vulnerability testing by identifying and negotiating with vendors, scheduling testing, and following up on results delivery
Reviewing firm contracts as part of the firm’s contract review process; assessing and recommending adjustments that serve to minimize security risk in firm agreements
Supporting the client’s security review process on an overflow basis from intake through closure by identifying all necessary internal stakeholders based on the request (e.g., security survey, audit, review), assembling relevant and appropriate documentation, drafting responses, scheduling and leading calls/meetings, and communicating follow-up activities
Coordinating with the information security officer, evaluating the results of internal & external system vulnerability scans, and arranging necessary internal follow-up to facilitate agreement regarding any recommended remediation items
Tracking agreed security remediation efforts from vulnerability tests with the support of the information security officer and others, and ensuring successful disposition of each item
Working to enhance the confidentiality, integrity, and availability of data at the firm, regardless of form
Maintaining information security documentation and assisting in the development of security policies and procedures
Serving as a subject matter expert for information security principles and practices (especially as they pertain to vendors and cloud security), and promoting a culture of security throughout the firm
Liaising with other teams and subject matter experts on various technologies, status, and testing
Working with the technology department management team to identify key metrics and reporting requirements as they relate to technology performance and operation
Creating and presenting regular reports to senior technology management
Documenting security information appropriate to team initiatives
Interfacing with staff throughout the firm to facilitate the efficient and secure use of technology services
Preparing technical documentation and reports as required
As an Enterprise Security Compliance Manager, you will be expected to apply your organizational and communication skills while displaying a positive, high-energy attitude. The successful Manager must have strong analytical skills, including effectively defining problems and identifying solutions, a technical understanding of encryption and cloud security controls to allow evaluation of vendors’ security posture, along with well-developed professional interpersonal skills. The ideal manager must display the ability to interact effectively with clients, vendors, and colleagues at all organizational levels.
A Bachelor’s degree, a Diploma of higher education, or sufficient security and technology experience is required
A Bachelor’s degree in Information Systems, Computer Science, Engineering, or a related field is desired
A recognized security certification is desired
A minimum of five (5) years of experience focused on information security is required
A minimum of ten (10) years of experience working in information technology is required
A minimum of two (2) years of experience applying project management concepts is required
Experience working in a law practice office environment is desired
Sample job description #2
ABC Company is looking for a Security Compliance Manager with a deep security and compliance background to lead a system development and process improvement team. As part of the ABC Company Security Assurance team, this candidate is a key liaison with ABC Company service teams, infrastructure teams, ABC Company Security, and other areas across the company.
As a Security Compliance Manager within the Security Assurance Compliance Operations team, you will oversee the execution of our program for evaluating compliance with industry standards (ISO, SOC), federal regulations (FedRAMP/NIST, DOD), and customer contractual requirements. You will have complete ownership and accountability of programs from start to finish, aimed at improving ABC Company personnel screening compliance and risk monitoring. The successful candidate is comfortable interacting with both technology and business leaders across the organization at all levels. You will drive consensus among stakeholders and verify that controls are effective, or are remediated to become effective. We value personality, insight, intellectual flexibility, and sound business judgment.
Your responsibilities will include the following:
Improvement and/or development of new screening compliance programs
Manage underlying programs, coordinate stakeholder management, and communicate program updates to senior leadership
Assist in the development and tracking of Compliance Operations metrics, such as the number of open exceptions, number of open support requests, and burndown rates for given programs
Develop weekly/monthly reports that capture key business trends, highlights, lowlights, and metrics as the compliance programs are conducted. Provide status, recommended updates, and detailed metrics and evidence
Assist in evaluating new compliance programs and requirements and help transition ongoing operations of all compliance programs to long-term control owners within the organization
Be comfortable influencing change, earning trust with stakeholders, enhancing the customer experience, and driving the completion of the programs you are responsible for
Communicate effectively at multiple levels of sensitivity and across multiple audiences
A day in the life
On any given day this role will liaise with internal Security teams, Audit, HR Screening Services, HR Risk and Compliance, Employee Services, Operations Security, ABC Company Legal, and various Services Teams
You will assist our stakeholders with aligning standard operating procedures, controls, monitoring, and reporting, with the goal of improving operations, policies, and risk management effectiveness
You will ensure ongoing screening program compliance, working with cross-functional teams to meet our audit and contractual requirements
5+ years of Security Compliance program monitoring and reporting
5+ years supervising a small team of security or compliance specialists
5+ years of proven knowledge of the program management lifecycle, and skill with project management tools
5+ years of experience leading multi-organizational initiatives and driving team accountability to achieve impactful goals
4+ years of experience working in an operations environment, driving improvements resulting in measurable business impact
Master’s degree or higher (or in progress toward a higher degree)
Advanced knowledge of NIST, ISO, SOC and/or related frameworks
Advanced Microsoft Excel, SQL, and/or Tableau experience
Experience supporting enterprise-wide Security Compliance programs designed to anticipate, assess, and minimize control gaps and audit findings
Experience with metrics-based projects and utilizing metrics to gauge risk and success
High level of comfort in communicating effectively across internal and external organizations
Understanding of the ABC Company service catalog
Meets/exceeds ABC Company’s leadership principles requirements for this role
Meets/exceeds ABC Company’s functional/technical depth and complexity for this role
Sample job description #3
ABC Company requires a Network Security Policy Management and Network Compliance subject matter expert. The primary responsibility of this position is driving network device compliance, including firewalls, routers, switches, and load balancers. Additionally, this position requires performing assessments of vendor solutions on an as-needed basis. Some of these measures include, but are not limited to, assessing infrastructure devices, awareness training for internal team members, and recommending best practices for the business. Additionally, this SME will be responsible for verifying remediation and providing alternate solutions that comply with the policy while achieving the business objectives.
Roles and responsibilities
3+ years of direct working experience with Skybox/AlgoSec solutions, including firewall assurance, network assurance, network modeling, change manager, and vulnerability control
Familiarity with tools such as Tufin and FireMon for network security policy management
Strong knowledge of Cisco FMC, Palo Alto Panorama, and CheckPoint Management platform
Minimum of 5 years of recent experience working in an enterprise environment, networking, and routing
Minimum of 5 years of recent experience with firewalls and next-generation firewalls (Cisco ASA, FTD, CheckPoint, Palo Alto, Juniper, etc.)
Thorough understanding of CIS, NIST, and STIG standards and guidelines, the ITIL framework, and change management
Thorough knowledge of load balancer, IPS, virtual firewall, software-defined networking, microsegmentation, and web proxy solutions
Minimum of 5 years of recent experience in security management practices such as risk management and administrative network access policies
Thorough understanding of vulnerability management, penetration testing, and attack simulations
Proven ability to write process and procedure documents for the enterprise
Good understanding of IT infrastructure and application lifecycle management
Ability to reduce the risk posture of the environment by conducting regular security gap analyses
Ability to support the incident response and architecture review processes whenever security expertise is needed
Experience managing challenging situations in large organizations
Bachelor’s degree in Computer Science, Electronics, or related field
Skybox, AlgoSec, CCNA, CCNP, CCIE, and vendor certifications (Cisco, Juniper, Palo Alto, etc.) are a plus
Minimum of 12 years of progressive infrastructure and cyber security experience, preferably within a large global organization. Exposure to any two security areas, such as infrastructure security and network security, is mandatory
Knowledge about translating security concepts into language that is meaningful to many audiences, including business and technical leaders, and individual contributors
Demonstrated ability to influence decision-making processes at all levels of the organization
Experience working for an external client within a large corporation that may employ in-house teams is preferred
Experience reporting metrics about the state of security programs to management
Analytical and problem-solving skills, as well as excellent judgment and self-motivation
The ideal candidate is a good team player and a keen learner, with a commitment to the security industry
Business acumen, communication skills, and process-oriented thinking
Ability to think methodically, attention to detail, and healthy paranoia are vital attributes
Average salary and compensation
The average salary for a security compliance manager is $123,000. Typical benefits include medical, dental, and vision insurance, 401k contribution, life and disability insurance, and paid time off.
Los Angeles, California
Minneapolis-St. Paul, Minnesota
New York City, New York
Sample interview questions
How do you collaborate with the legal department when it comes to incident response?
What are common challenges that come along with creating, managing, and communicating compliance programs?
Describe a typical day in this position.
What types of social engineering attacks do you think might be targeting large companies such as ours?
What advice would you give to someone who wants to advance in this field?
What do you consider to be your greatest accomplishment as a security compliance manager?
What experience do you have with auditing and assessing risk?
How do you ensure that our company is compliant with all relevant security standards and regulations?
Can you share a project that you spearheaded during your time at your previous employer that was successful?
What type of certifications or qualifications do you think will add value to this position?
How has the changing security landscape affected this role over the past few years?
What is your greatest strength when it comes to implementing and managing a compliance program?