IT Compliance & Risk Manager

About the Position:
MuleSoft's Governance, Risk, and Compliance (GRC) team is looking for individuals to help us build our GRC program. The role will be instrumental in the design, build, maintenance, and management of key initiatives including ISO 27001, SOC 1/2, PCI, HIPAA, and other obligations. Our team is expanding in the main MuleSoft offices in San Francisco and Buenos Aires. The GRC team's mission is to support our sales teams and cater to our customers' needs in an ever-changing compliance landscape.

The Compliance Manager will be an integral part of the team responsible for scaling our global compliance program. This person will start as an individual contributor and must demonstrate the ability to ramp up quickly on security requirements, handle vendor questionnaires and requests, and audit/assess key vendors, and must have experience working in a high-demand compliance role.

This position will help guide many other large and complex projects, and will work closely across partner teams in Security, Operations, Engineering and Product Management. The successful candidate must be able to capture and articulate technical regulatory requirements in a manner that brings clarity and eliminates confusion. They have a communicative and collaborative approach to management, with a strong grasp of the English language. They know how to assess cost and risks, and are adept at guiding individual teams in striking a healthy balance between their needs and the needs of the larger program. This role requires a mix of business and technical acumen, the ability to inspire and influence decisions pertaining to regulatory standards, and a polished ability to communicate with key stakeholders.

Position Deliverables:

  • Manage, analyze, and complete a high volume of prospect and customer requests for information or questionnaires and lead customer-driven security evaluations
  • Advise on Information Technology General Controls (ITGCs) processes and procedures.
  • Manage, analyze, assess and recommend security controls for various compliance programs
  • Perform compliance management and oversight of Scrum teams implementing compliance-specific security controls
  • Work with auditors, applications, infrastructure and other teams to achieve and maintain certifications and ongoing compliance
  • Take on multiple in-flight compliance programs, including HIPAA, IRAP, PCI, and GDPR efforts, and others as they come online
  • Manage and lead company-wide training on compliance programs
  • Perform relationship management and leadership of cross-cutting security development projects
  • Develop and guide evidence creation, validation, and assessment workflows
  • Strong verbal, presentation and written communication skills with the ability to appropriately communicate with the intended audience
  • Proven track record of handling multiple projects simultaneously.
  • Participate in the development and oversight of required corrective action plans relating to security compliance issues.
  • Support business relationships with the internal and external security auditors and regulators.
  • Support the communication of policies, procedures, and plans to internal stakeholders regarding security and compliance best practices around applicable laws, regulations and controls.
  • Partner with internal teams to ensure successful security programs that align with compliance requirements.

About You:

  • 3-7 years of experience in a technical compliance role around information security
  • Strong command of English both written and verbal
  • Experienced in running large-scale, cross-cutting projects requiring parallel efforts from multiple teams.
  • Skilled at seeing dependencies, blockers, must-haves and showstoppers before others do, with detailed project planning that accounts for them.
  • Ability to balance security priorities with compliance needs.
  • Strong and proven project management skills required.
  • Experience with developing security and compliance reporting.
  • Experience in Agile, Lean and/or Scrum methodologies; not afraid to try and develop new processes or methods
  • Demonstrated successful leadership skills with the ability to work effectively across various levels.
  • Clear experience and working knowledge of documentation management and GRC tools is a plus.
  • Exemplary track record of implementing innovative risk countermeasures and security controls specific to PCI-DSS, SSAE-16/18 or ISO 27001.
  • Self-directed and well organized; must be able to work with minimal supervision and meet deadlines with multiple projects
  • Experience in articulating security posture in a structured form, e.g. via RFP/RFI or questionnaires preferred
  • Certifications in one or more of the following areas preferred: CISSP, CISA, CISM, GCIH, CIPP, CCSK

About MuleSoft, a Salesforce company

Our mission is to help organizations change and innovate faster by making it easy to connect the world’s applications, data, and devices. Companies like Spotify, McDonald’s, and Unilever rely on MuleSoft to stay agile, deliver faster, and make the most of their IT investment with API-led connectivity. Hiring exceptional people who want to build a great company together is our number one priority, and we’re committed to providing an equal opportunity workplace where everyone is supported and inspired to do their best work. We work tirelessly to build this culture, and we’re proud to have been named the #1 Top Workplace in the Bay Area and a best place to work 6 years in a row. and are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this Web site or directly to managers. and do not accept unsolicited headhunter and agency resumes. and will not pay fees to any third-party agency or company that does not have a signed agreement with or

