The Information Systems (IS) Compliance Manager leads our work to achieve relevant certifications such as SOC2 as well as compliance with regulatory frameworks such as GDPR, SOC2, and other relevant standards.
This role is to ensure that Canonical conducts its business processes in compliance with laws and regulations, international standards, and accepted business practice.
This position is for an individual with the knowledge, drive, and personal motivation to set up a strong governance framework in a fast-growing tech company.
It requires a background in IT internal audit and an appreciation of the challenges involved in driving security/compliance initiatives in a software engineering organization.
This role can be home or office based.
Periodic international travel for training and business meetings is required.
Key Responsibilities:Shape and drive the company's information security risk management and internal control framework.Maintain and develop information security policies, and verify compliance with those policies.Work with our Legal team to respond to internal and external information security compliance issues.Collaborate closely with leaders to understand their security, privacy, and compliance requirements.Ensure that customer data is safeguarded and used ethically and responsibly.Organize and conduct Risk/Privacy/Compliance training and assessments.Educate and inform employees about our practices and standards.Manage internal and external audit and testing programs, reporting risks that need correction.Prioritize compliance work.Coordinate activities with external consultants and internal stakeholders for quality compliance (e.g., ISO 9001, 15504).Review and respond to security questionnaires and contract questions from customers. Required Skills and Experience:Bachelor's degree (or equivalent) in Computer Science, Information Systems, or related field.Familiarity with procurement compliance obligations, contractual security, and privacy.Experience defining and implementing appropriate methodologies for auditing, takedown processes, and law enforcement.Ability to be an ambassador for compliance policies and procedures within a highly technical software organization.Articulate communication regarding situational awareness, change management, and access control.Demonstrated ability to explain risk assessments, actions needed, and cost implications.General understanding of international privacy and compliance legislation, including the GDPR.Experience working with legal, audit, and compliance staff.Experience developing and maintaining policies, procedures, standards, and guidelines.Experience driving risk-based decisions supporting business owner expectations and needs. Valuable Experience:Affinity with Open Source software with regards to compliance.
#J-18808-Ljbffr