HBR Consulting LLC

  • Compliance + Risk Manager

    Posted Date 2 weeks ago (10/8/2018 12:28 PM)
    Practice Group
    Managed Technology Services
  • Overview

    The Compliance + Risk Manager is responsible for information security leadership in designing, developing and implementing information security policies, procedures, and standards. In addition, this position assesses the information security program's compliance with policies, procedures, and industry standards, and manages overall compliance with industry and federal customer information security requirements. The Security Compliance Manager also contributes to performing security assessments, operationalizing security protocols, and maintaining the security posture of systems throughout their life cycle. The position is responsible for leading the development of policies and procedures to support the company's continued certification with ISO/IEC 27001 and SOC 2 Type II.


    • Work with the CISO to lead security activities to achieve and maintain compliance with current certifications.
    • Lead management in monitoring, remediating, and reporting on risks and the actions taken to address them.
    • Lead third-party and supplier risk management programs and assessments.
    • Monitor and enforce the vulnerability management program.
    • Monitor and enforce information security policies.
    • Work with the CISO on privacy management and foster an operational security committee.
    • Design, and may conduct, training for computer security education and awareness programs.
    • Participate in BC/DR planning and exercises.
    • Additional duties as assigned.


    • B.S. or equivalent in Computer Science, Information Science & Technology, or a related field.
    • 10 years of experience in information security policy, security authorization, and technical practice.
    • CISSP or CISM required. Other information security certifications highly desired.
    • Experience with secure development practices preferred.
    • Experience working in a regulated environment.
    • Experience in ISO/IEC 27001 and SOC compliance environments.
    • Familiarity with the NIST SP 800 series, the ISO/IEC 27000 series, and similar standards.
    • Excellent verbal and written communication skills.
    • Strong interpersonal skills and the ability to build relationships.
    • Strong sense of professionalism.
    • Ability to multi-task, set priorities, and meet deadlines in a fast-paced environment.
    • Strong organizational skills.

