Information Technology Compliance Manager

POSITION SUMMARY

This position is responsible for design, implementation, and ongoing maintenance of the Information Technology (IT) Compliance Program. This includes both internal controls definition, interpretation, and adherence efforts as well as supporting our customer's information security requirements. The successful candidate will also be responsible for helping keep the compliance program current with all applicable US and international IT regulations and guidelines and advising leadership on IT compliance matters.

DUTIES AND RESPONSIBILITIES

* Information Technology Controls Development

o Lead in the development of IT controls using best practice frameworks.

o Evaluate the effectiveness and applicability of IT controls

o Drive the adherence of IT controls and best practices.

o Keeping current on cyber best practices, strategies, and concepts.

o Holding technical teams accountable for security and compliance deliverables.

• Compliance Reporting




• Conduct compliance reviews and assessments.
• Craft reports and dashboards which show the current compliance condition and track relevant goals.
• Continually evaluate and baseline internal information security practices against nationally and internationally recognized frameworks.
• Support the Cybersecurity maturity program through tracking milestones and, programs, and initiatives.
• Work with Quality, Regulatory Affairs, and auditors to provide needed data or materials in the support of audits.
• Assist in the delivery of Third Party Risk Management (TPRM) attestations to customers




• Enterprise Compliance Maintenance




• Serves as the FedRAMP Program Manager
• Work with various IT groups to ensure that IT systems adhere to corporate standards
• Interact with various technology teams to confirm findings and mitigation.
• Assist in the execution of the Vulnerability Management Program
• Support IT Risk, Security, and Compliance certifications activities.

EXPERIENCE AND QUALIFICATIONS

• Bachelor's degree in a related field
• Minimum of five years of experience in managing complex IT compliance requirements.
• Experience with Information Technology and Information Security Concepts
• Experience in both U.S. and international data protection and privacy regulatory requirements, such as GDPR, CCPA, etc. (strongly preferred)
• Experience managing a FedRAMP program including developing the support deliverables for reauthorization as well as the monthly continuous monitoring standards and criteria.
• Experience as an auditor for a complex compliance regime such as ISO 27000, NIST 800-53, NIST 800-171, etc.
• Experience leading, managing, and mentoring individuals including direct reports, matrixed reports, and project assigned staff.
• The following audit or compliance certifications are preferred, but not required;




• CISA - Certified Information System Auditor
• CRISC - Certified in Risk and Information Systems Controls
• SSCP - Systems Security Certified Professional
• CSA CCSK - Certificate of Cloud Security Knowledge
• CSA CCAK - Certificate of Cloud Auditing Knowledge

KNOWLEDGE, SKILLS AND ABILITIES

• Strong problem solving, decision-making, reporting, communication and management skills.
• Strong organization, analytical and project management skills.
• Strong planning, implementation and negotiation skills.
• Effective interpersonal communication skills.
• Proficient computer skills, especially Microsoft Office applications.
• Ability to multi-task and track many simultaneous initiatives.
• Communication and Technical writing skills.
• Must work effectively with a team and individually
• Ability to evaluate regulatory documents and determine appropriate action
• Strong understanding of risk management concepts and the ability to apply them to a business environment.
• Familiarity with compliance certification regimes such as SOC 2, ISO 27001, and PCI. (Preferred)
• Understanding of the compliance inner workings and challenges of Amazon Web Services (AWS (Preferred)
• Expert level understanding of the following IT Compliance frameworks and regulations and how they apply in the commercial environment;




• ISO 27000 (27001 and 27017)
• Nist 800-53 or NIST 800-171
• FedRAMP
• SOC 2 (Preferred)
• GDPR or CCPA (Preferred)
• HIPAA or HiTrust (Preferred)
• 21 CFR Part 11 (Preferred)

PHYSICAL DEMANDS

This position requires the ability to work standing up in data centers, data closets and other secure environments, along with the ability to lift moderately heavy equipment when required.

WORK ENVIRONMENT

Office based with some travel between office sites.

COMPENSATION SUMMARY:

The annual base salary for this position ranges from $116,600 to $177,800. This salary range represents a general guideline as MSD considers other factors when presenting an offer of employment, such as scope and responsibilities of the position, external market factors, and the candidate's knowledge, skills, abilities, education and experience. Employees may qualify for a discretionary or non-discretionary bonus in addition to their base salary. These annual bonuses are intended to recognize individual performance and enable employees to benefit from the Company's overall success.

BENEFITS SUMMARY:

At MSD, we offer a comprehensive benefits package to support our employees' well-being and financial security. In addition to competitive salaries, our benefits include medical, dental, and vision coverage, along with prescription benefits. We provide a 401(k) plan with company matching, flexible spending accounts, and company-paid short- and long-term disability insurance as well as group life and accidental death and dismemberment insurance. Our offerings also encompass paid vacation, paid sick leave, paid holidays, and paid parental leave, along with an employee assistance program. Additional voluntary perks include a fitness club membership contribution, pet insurance, identity theft protection, home and auto insurance discounts, and optional supplemental life insurance.

EEO/AA STATEMENT:

MSD is an Equal Opportunity/Affirmative Action Employer. We are committed to fostering a diverse and inclusive workplace where all individuals are treated with respect and dignity. We welcome applications from all qualified candidates, making employment decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, genetic information, marital status, national origin, age, protected veteran status, pregnancy, disability status, or any other protected characteristic. For our full EEO/AA and Pay Transparency statement, please click on the following link: https://www.mesoscale.com/en/our_company/careers/equal_employment_opportunity_statement. Meso Scale Diagnostics uses E-Verify to validate the work eligibility of candidates.