Applications have closed

RStudio (201-500 Employees, 63% 2 Yr Employee Growth Rate)

22% 1-Year Employee Growth Rate | 63% 2-Year Employee Growth Rate | $0 Venture Funding

We are looking for an experienced Security Compliance Program Manager to help grow and guide our information security compliance program. As a key member of the IT & Security team, you will have broad responsibilities and will be an integral part of building and formalizing our program to ensure security and privacy are embedded in every level of the organization. This is a new role at RStudio and the duties are currently handled by the Director of Information Security.

Security and regulatory compliance controls should define the foundation on which the rest of the organization operates and be the guardrails that allow them to do it safely and effectively. RStudio is staffed with people who genuinely want to do the right thing; our job is to enable them to do it in the safest and most effective way possible.

You will be responsible for identifying and driving initiatives to ensure compliance with federal, state, and international security and privacy regulations as well as requirements brought in by contractual obligations. You will guide and manage the development of process improvements, projects, and roadmaps, and drive operational and reporting activities. Our products are used in a variety of regulated environments and we must know not only how those regulations apply to us, but also be able to confidently and consistently share this information with our customers.

RStudio has been a 100% distributed company with a SaaS-based infrastructure from its inception. This presents unique challenges and requires pragmatism and creativity to be successful. The position requires the ability to be proactive and strategic while being comfortable with rolling up one’s sleeves.

Much of what our team does is being expanded or formalized for the first time. If you are looking to step into an established compliance program, this is not for you. If you’ve always wanted the challenge and authority to build out your own program the right way, to make compliance meaningful, and not just a checkbox, this could be that chance.

RStudio is a remarkable organization working to advance the field of data science. If you’re looking for challenging work, dedicated colleagues, and an employer with a social conscience, take a look at https://www.rstudio.com/about/what-makes-rstudio-different/ and see if this is right for you.

What you’ll be doing:

  • Maintain a common control framework for the alignment of security controls across relevant security standards and frameworks.
  • Manage and own major GRC-focused initiatives from beginning to end with minimal supervision.
  • Manage security compliance programs and assessments while working to standardize and optimize policies, standards, and procedures across RStudio.
  • Assess and track compliance with regulatory and legal requirements relevant to RStudio and its customers as well as to our contractual commitments.
  • Identify, maintain, and publish requirements, and execute strategy for dealing with an increasing number of questionnaires, inbound and outbound due diligence requests, compliance checks, and external assessment processes for standards such as PCI DSS, GDPR, SOC 2, ITAR, ADA, HIPAA, NIST 800-171, FISMA, etc.
  • Write, revise, communicate, and ensure compliance with internal security governance policies, standards, and procedures.
  • Maintain regular compliance metrics and KPIs to include in management reporting.
  • Define and execute existing or new compliance initiatives while tracking changing regulatory requirements.
  • Drive the vendor risk assessment process of proposed third-party software services and assist with evaluating the security controls and policies of our existing vendors.
  • Lead the escalation and resolution of risk and compliance issues with appropriate cross functional leadership.
  • Drive information security training and awareness.
  • Create and maintain project delivery execution plans and roadmaps.

About you:

  • You thrive on solving problems through investigation and deductive reasoning and aren’t afraid to ask for help. You are internally driven by curiosity and continuous learning.
  • You invest in strong relationships with your colleagues and employ empathy when working through their security and compliance issues. You have the ability to communicate with people on all levels, and help make complex issues easier to understand.
  • You are self-driven and maintain a high degree of professional conduct at all times. You are highly ethical, possess excellent decision-making capabilities, and execute good time management skills.
  • You possess excellent documentation skills and the ability to scope and manage multiple projects concurrently. You are experienced at preparing compliance reporting and associated presentation materials. The ability to effectively document in this role is critical.
  • You are metrics-driven: you understand, develop, and deliver meaningful risk-based operational metrics, dashboards, and reports to a wide audience, demonstrating our current program state and adherence to frameworks and standards.
  • Strong knowledge of security risk management and running audit, certification, and compliance programs.
  • Understand current IT and security regulations and standards, as well as risk countermeasures and compensating controls.
  • Proven experience building compliance programs from the ground up and delivering successful results with first-time internal and external audits.
  • Experience in contributing to compliance tool planning and management.
  • Experience in meeting goals in a fast-paced environment with rapidly evolving needs.

About us:

  • RStudio is a Public Benefit Corporation (PBC) and a Certified B Corporation®, which means that our open-source mission is codified into our charter, and that our corporate decisions balance the interests of the community, customers, employees, and shareholders.
  • We welcome all talented colleagues and are committed to a culture that represents diversity in all its forms.
  • We prioritize giving ourselves “focus time” to get deep work done. We minimize meetings and aim to operate asynchronously.
  • We are a learning organization and take mentorship and career growth seriously. We hope to learn from you, and we anticipate that you will also deepen your skills, influence, and leadership as a result of working at RStudio.
  • We operate under a unique sustainable business model: over 50% of our engineering group is dedicated to creating free and open source software. We are profitable and we plan to be around decades from now.

Notable:

  • 100% distributed team with minimal travel
  • Competitive compensation with great benefits including: medical/dental/vision insurance (100% of premiums covered)
  • 401k matching
  • a home office allowance or reimbursement for a coworking space
  • a profit-sharing program
  • Flexible environment with a generous vacation policy

RStudio is committed to being a diverse and inclusive workplace. We encourage applicants of different backgrounds, cultures, genders, experiences, abilities, and perspectives to apply. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sexual orientation, gender, gender identity, age, physical disability, or length of time spent unemployed.

Tagged as: >50% 2 Yr Employee Growth, 201-500 Employees