This position will support the Security and Privacy Compliance organization. The individual will support our governance, risk, and compliance (GRC) practices, working on projects to ensure compliance with regulations and compliance to obligations with our customers. 

A key responsibility of this position will be the growth and maintenance of the incident reporting and response program within the risk management program. The candidate will manage the incident reporting and response program, including managing the tabletop exercise and the review, communication, and escalation process for security events, and ensuring we meet compliance obligations with our processes. This position will manage other compliance projects such as third-party audits (e.g. SOC 1/ PCI-DSS, etc.), risk assessments, or product compliance consulting projects, including HIPAA/Healthcare expansion programs. This role will include conducting research on compliance requirements, performing or managing assessments, and reporting findings to stakeholders. They will ideally have extensive experience in compliance, audit, project management, security, privacy, and software development lifecycle standard methodologies. 

This position will require coordinating, communicating, and working effectively with internal process owners, internal and external auditors, and all levels of management. The candidate should understand IT and security risks, general IT controls and security controls, as well as risk mitigation and issue remediation. Key skills would be IT audit and security event management, including understanding security issues identified, as well as potential exposure and needed mitigation and remediation. 

Career Level - IC4