Senior Compliance Program Manager at data.world
Austin, TX, US

The data.world team is looking for a Senior Compliance Program Manager to join us as we develop the industry-changing platform that’s modernizing the way organizations use data. This person will own the information system security program for all data.world products. You will work closely with engineering and product managers to ensure security is built into our products at all levels. This role will also work with legal on privacy and other regulatory compliance, and on contracts subject to those laws.

If you’re passionate about the transformative power of data, and want to have an impact on a fast-growing business, then we want to meet you.

At data.world you will:

  • Own our security program including company-wide IT security policy, annual IT risk assessments, penetration testing, business continuity, disaster recovery, and more.
  • Complete compliance risk management requirements such as SOC2, ISO 27000 series, CSA STAR, HIPAA and other frameworks or control requirements. Work directly with external auditors.
  • Improve and automate the audit processes for these compliance programs
  • Maintain our data management guidelines including classification and handling requirements
  • Establish and ensure compliance with privacy legislation such as GDPR and CCPA
  • Work directly with product management and engineering to ensure that our security program requirements are met by the product as it evolves. Oversee remediation of security vulnerabilities.
  • Work directly with legal on customer, vendor and systems contracts and ensure compliance with applicable privacy and security regulations
  • Support our sales teams by providing customer assurance documentation and answers to customer RFPs.
  • Be a core member of the Incident Response team responsible for responding to security events.

Qualifications:

  • BA or MA in Information Systems or equivalent experience
  • 5+ years of experience in information security or technical product certification
  • Experience with or knowledge of public cloud technology, especially security-relevant services
  • Experience with common control frameworks such as SOC2, ISO 27000 series, NIST 800 series and CIS critical security.
  • At least one of the following designations: CISA, CISM, CRISC, CISSP, GSNA, GCCC, or GSEC.

Big pluses include:

  • Knowledge of Amazon Web Services and relevant security services and controls
  • Experience with industry-specific compliance programs such as FedRAMP and HITRUST

Perks and benefits:

  • The usual suspects: market compensation with a generous bonus structure, health/dental/vision insurance
  • Not so usual suspects: education credits, charitable donation matching to the organization of your choice, and event ticket giveaways
  • A flexible work environment with an understanding that employees are people with lives outside of the office

If you have the exceptional combination of skills and qualities that we are looking for, then we’re excited to meet you!

We encourage people from underrepresented groups to apply. We are the world’s largest collaborative data community and we very much believe that our people need to represent the very diverse nature of the community we are serving and the customer base we are winning. We believe that diversity leads to the most creative discussions, ideas and outcomes.