
Cybersecurity Compliance Lead
Fresche Solutions
full-time
Location Type: Remote
Location: Massachusetts • United States
About the role
- Lead the cybersecurity compliance program, combining hands-on operations with program leadership responsibilities
- Develop and mentor cybersecurity team members, including direct supervision, goal-setting, and professional development of junior analysts
- Lead development and execution of cybersecurity compliance strategies and solutions
- Drive organizational security program maturity through metrics development and process improvement
- Maintain compliance frameworks and attestations, including NIST CSF, ISO 27001, and SOC 2 Type II
- Provide strategic guidance to vulnerability management programs and security initiatives
- Conduct and oversee audits and assessments of systems, policies, and practices
- Develop and implement solutions to improve security compliance posture and performance
- Lead internal and external audit processes for cloud division operations
- Manage BIA, BCDR/IR planning, testing, and vendor risk management programs
- Serve as primary liaison with management, auditors, clients, and business partners
- Present compliance status and strategic recommendations to executive leadership
- Coordinate cross-functional teams to support security initiatives
- Manage client assurance programs and security questionnaire responses
- Research and maintain expertise in evolving security laws, regulations, and best practices
- Advise the security awareness training program on security compliance requirements
- Provide guidance on compliance decisions and risk acceptance recommendations
- Develop and maintain risk management strategy, policies, and procedures
- Ensure alignment between security compliance activities and enterprise risk management
- Continuously introduce positive changes and promote adoption of best practices to enhance security program effectiveness
- Foster a culture of security awareness and compliance throughout the organization
Requirements
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related field
- Professional certification in security or compliance domains, such as CISSP, CISA, CISM, or CRISC
- 3 years of experience in security or compliance roles, preferably in a similar industry or sector
- Experience in auditing Managed Service Providers (MSPs) and multi-tenant environments is essential
- Experience distinguishing in-scope from out-of-scope systems and drawing a line of demarcation between corporate networks, service networks, and customer cloud networks, typically in an MSP context
- Experience managing audits when only part of the corporate network and Active Directory is in scope
- Ideal candidate will have technical experience with networks, Active Directory, perimeter security, systems, storage backup, disaster recovery, and virtual private networking
- Proficient in security and compliance frameworks and standards, such as NIST 800-53, ISO 27001, PCI DSS, SOC 2, or HIPAA
- Self-motivated, with the ability to adapt to change
- Excellent communication, writing, and presentation skills
- Ability to communicate effectively with different audiences and levels of authority
- Interpersonal skills to influence and spur change
- Strong analytical, problem-solving, and decision-making skills
- Ability to manage client expectations
- Excellent planning and organization skills
- Ability to work independently and collaboratively in a fast-paced and dynamic environment
- Energetic, professional, enthusiastic, and positive attitude
- Strong work ethic, high integrity, and commitment to success
Benefits
- Great work-life balance
- Flexible hours