Audit and Compliance Lead (Security)
This position reports to the Chief Information Security Officer in the Climate Security Office.
In this position you will:
- Be responsible for managing Climate’s security Audit and Compliance activities, making sure that internal and external audits go smoothly and we recognize and meet our security and privacy statutory and regulatory compliance obligations.
- Work directly with senior management and their teams across all of Climate’s departments to help each understand Audit procedure, to facilitate a smooth audit process, to deliver Audit findings, and to assist with development and reporting of remediation plans.
- Work with the same senior management and their teams to make them aware of our compliance obligations, and to ensure that they take proactive steps to ensure verifiable compliance in our products and services, and business operations.
- Have a role in capturing our security and privacy practices and working with the Governmental Affairs team to respond to inquiries from local, state, and national-level governments, and to work on policy papers and discussions, whether proactively or in response to proposed law and rule-making activity.
- Work across the Security Office to ensure that Audit and Compliance activities are aligned with the Information Security Management System (ISMS), to adequately capture, quantify, and report risk based on negative Audit findings and identified areas of non-compliance with statutory and regulatory security and privacy obligations, and to provide your expertise and insight in setting strategy and direction for the information security program.
- You may also lead a small team of full-time and contingent staff who will assist you.
What You Will Do:
At Climate, we are a global digital products and services company, subject to many statutory and regulatory security and privacy compliance obligations such as data protection law, e-marketing rules, and security of network and information systems to name a few.
Our internal Audit team regularly tests our administrative, physical, and technical controls and associated policy, standards, baselines, guidelines, and Standard Operating Procedures (SOPs), to measure us against our self-stated practices and performance. Detailed audit reports point out where we are failing. You will work with the Audit team to determine the schedule for security and privacy audits, and facilitate introductions to, and communications with, areas of the business under Audit. You shall take Audit findings and work with management and their teams to help them understand the results provided. Where Audit findings are negative, you will work to help Departments develop appropriate and sufficient Audit remediation plans for submission back to Audit. You will work with Audit to ensure that the submitted plans are deemed sufficient to address findings. You will work with the Departments to monitor execution of their Audit remediation plans, to ensure that they remain on track.
You will also work with external security and privacy auditors, facilitating the attainment of industry certifications and attestations such as ISO/IEC 27001 and SOC2 reports.
You will be responsible for working with colleagues globally in Law, Patents, and Compliance (Legal), and others to identify applicable statutory and regulatory compliance obligations that Climate must adhere to, and for working with Engineering and Operations teams, and other Departments as necessary, to translate those obligations into product features, enhancements, functionality, and services. You will be responsible for tracking implementation activity against plan, and for reporting progress to the Security Office and to Executive Management.
Our need for information security is critical. You will be responsible for examining our existing information security policy and standards, those of our parent companies, and industry standards such as ISO/IEC 27001, to develop a robust, complete set of policy and standards for Climate. Through mapping, you will be able to demonstrate that Climate’s policy and standards, while adapted for our culture, our digital manufacturing, and our distinct product and services portfolio, are consistent with those of our parent companies. You shall collaborate with, seek, and obtain approval for our policy and standards from various Security and Policy and Standards Committees in our parent companies, as well as Climate’s Executive Management.
You shall work with the various Departments at Climate, such as Engineering, Operations, IT, Marketing, Finance, etc., to communicate the policy and standards, and to guide and steer them in the development of controls to implement them, and the related baselines, guidelines, and Standard Operating Procedures (SOPs). You shall work with the Education and Awareness team to develop training for Climate Staff in the policy and standards, appropriate for their job roles.
You may manage a small team of full-time and contingent staff to assist you in your duties. You will review and approve their work, mentor and guide them in these responsibilities, and act as an escalation point for issues they are unable to resolve. You will partner with the business on all matters of allocation of the staff resources at your disposal, understanding their project plans, deliverables, timeframes, and skills required to meet their needs. You will conduct performance reviews of full-time staff, and manage staff augmentation contracts.
- Bachelor's degree in Accounting, Computer Science, Mathematics, Science, Computer or Electrical Engineering, or equivalent experience.
- Hands-on audit and/or compliance management experience.
- Knowledge and expertise of operating within Information Security Management Systems.
- Experience presenting complex technical cybersecurity and privacy issues and solutions in a concise and easy-to-understand manner to senior and executive management.
- Advanced degree, such as a JD, Post-Graduate Diploma, or Masters degree.
- Experience with ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27017, NIST Risk Management Framework and SP800 series publications, COBIT, etc.
- Knowledge of approaches to integrate Policy and Standards work into Audit and Compliance programs.
- Results-oriented with the demonstrated ability to effectively prioritize and successfully manage security-related projects.
- Team management and leadership skills.
- Track record of senior management and C-level presentations.
What We Offer:
Our teams are composed of industry experts, top scientists, and talented engineers. The environment is extremely engaging and fast-paced, with dozens of specialties coming together to provide the best possible products and experiences for our customers.
We provide competitive salaries and some of the best perks in the industry, including:
- Superb medical, dental, vision, life, disability benefits, and a 401k matching program
- A stocked kitchen with a large assortment of snacks & drinks to get you through the day
- Encouragement to get out of the office and into the field with agents and farmers to see first-hand how our products are being used
- We take part in and offer various workshops, conferences, meet-up groups, tech talks, and hackathons to encourage participation and growth in both community involvement and career development
We also hinge our cultural DNA on these five values:
- Inspire one another
- Innovate in all we do
- Leave a mark on the world
- Find the possible in the impossible
- Be direct and transparent
Learn more about our team and our mission:
The Climate Corporation - The Technology Behind Making A Difference
As part of our dedication to the diversity of our workforce, The Climate Corporation is committed to Equal Employment Opportunity without regard for race, color, national origin, ethnicity, gender, protected veteran status, disability, sexual orientation, gender identity, or religion. If you need assistance or an accommodation due to a disability, you may contact us at firstname.lastname@example.org