Security Compliance Manager

The Security and Compliance Manager shall be responsible for, but not limited to, the following:

Ensuring the organization’s information systems and data are secure and comply with relevant laws, regulations and internal policies. This role involves developing, implementing and managing security policies and procedures, conducting risk assessments and leading efforts to maintain compliance with regulatory requirements. The Manager of Security and Compliance plays a vital role in safeguarding the organization’s information assets and ensuring adherence to regulatory requirements. This position requires a combination of technical expertise, leadership skills and a deep understanding of security and compliance frameworks. 

Key Responsibilities:

• Security Policy Development and Management:
  1. Develop Security Policies: Create, implement and maintain security policies, standards and guidelines to ensure the protection of information assets.
  2. Policy Enforcement: Ensure adherence to security policies across the organization through regular monitoring and enforcement.
  3. Policy Review: Periodically review and update security policies to reflect changes in regulatory requirements, industry standards and emerging threats. 
• Compliance Management:
  1. Regulatory Compliance: Ensure compliance with relevant laws, regulations and industry standards (e.g., GDPR, HIPAA, PCI-DSS).
  2. Internal Audits: Conduct internal audits and assessments to verify compliance with policies and regulations.
  3. Respond to Audit Findings: Address and remediate any compliance issues of findings for internal and external audits.
• Risk Management:
  1. Risk Managements: Conduct regular risk assessments to identify and evaluate potential security threats and vulnerabilities.
  2. Risk Mitigation: Develop and implement risk mitigation strategies and controls to reduce identified risks to acceptable levels. 
  3. Incident Response: Lead the incident response process, including investigation, containment and remediation of security incidents. 
• Security Awareness and Training:
  1. Training Programs: Develop and deliver security awareness training programs to educate employees about security policies, procedures and best practices.
  2. Communication: Communicate security and compliance updates and initiatives to employees and stakeholders.
• Security Monitoring and Reporting:
  1. Security Monitoring: Monitor security systems and tools to detect and respond to security events and incidents.
  2. Reporting: Provide regular reports on security and compliance status, including metrics, trends and areas for improvement.
  3. Continuous Improvement: Identify and implement opportunities for improving security and compliance practices. 
• Collaboration and Coordination:
  1. Cross-Functional Collaboration: Collaborate with IT, legal, HR and other departments to ensure a holistic approach to security and compliance.
  2. Vendor Management: Assess and manage the security and compliance practices of third-party vendors and partners. 

Required Technical Skills:

• Proficient with security technologies and tools (e.g., SIEM, firewalls, IDS/IPS, DLP).

• In-depth knowledge of security frameworks, standards and regulations (e.g., ISO 27001, NIST, GDPR, HIPAA, PCI-DSS).

Required Soft Skills:

• Ability to work without direct supervision.
• Excellent verbal communication skills.
• Strong analytical and problem-solving skills to identify and mitigate security risks.
• Excellent written and verbal communication skills, with the ability to effectively communicate complex security and compliance issues to technical and non-technical audiences.
• Strong project management skills, with the ability to manage multiple initiatives simultaneously. 

Competencies:

• Leadership: Ability to lead and manage a team, providing direction, motivation and development opportunities.
• Strategic Thinking: Ability to think strategically about security and compliance in the context of the organization’s goals and objectives.
• Attention to Detail: High attention to detail to ensure accuracy and thoroughness in security assessments and compliance audits.
• Integrity: High ethical standards and integrity in handling sensitive and confidential information.
• Adaptability: Ability to adapt to changing regulatory requirements and evolving security threats.
• Collaboration: Strong interpersonal skills and the ability to work effectively with cross-functional teams and external partners.
• Initiative: Proactive approach to identifying and addressing security and compliance issues before they become critical. 

Physical Requirements:

He or she will be required to sit and stand for long periods of time.  He or she will be required to stoop, bend, and reach above the head and below the knees to file and retrieve data.

Educations, Certifications and Experience:

• Minimum of 5-7 years’ experience in information security, compliance, or a related field.

The following is preferred:

• Bachelor’s degree information security, cyber security, computer science, or a related field.
• Master’s degree or relevant certifications (e.g., CISSP, CISM, CISA).

Other:

The Security and Compliance Manager is a salary position and reports to the Vice President of IT. Standard hours: 7:30am- 4:30pm (subject to management’s discretion) 

Prairie Farms Dairy Inc is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law