
Manager, InfoSec Compliance & Governance

Gap Inc.

United States

Remote

USD 80,000 - 120,000

Full time

4 days ago

Job summary

An established industry player is seeking a Manager of InfoSec Governance & Compliance to ensure compliance with critical standards and protect sensitive data across international operations. This pivotal role involves collaborating with technical experts and legal counsel to bridge operational gaps and deliver timely program activities for successful assessments and audits. The ideal candidate will have a strong background in IT security compliance, excellent communication skills, and a proactive problem-solving mindset. Join a dynamic team where your contributions will significantly impact the organization’s security posture and compliance initiatives.

Qualifications

  • 4+ years in IT security compliance in a global retail or eCommerce environment.
  • Proven track record of creating and reviewing compliance policies.

Responsibilities

  • Facilitate audits and assessments for compliance with regulatory standards.
  • Draft and enforce IT security policies in line with regulations.
  • Develop training programs to educate employees on security compliance.

Skills

Compliance Standards (GDPR, CCPA, PCI DSS, SOX)
Risk Management Frameworks (NIST, ISO 27001)
Cloud Security Platforms (AWS, Azure, Google Cloud)
Security Tools (FW/WAF, SIEM, DLP, IAM)
Problem-Solving
Interpersonal Skills
Communication Skills

Education

Bachelor’s degree in Computer Science or Information Security
Advanced degree (preferred)

Tools

GRC Platforms
Cloud Security Tools
DevSecOps Practices

Job description

About the Role

Role Overview

As a Manager of InfoSec Governance & Compliance, you will play a critical role in ensuring our organization meets compliance standards and protects sensitive data across our international operations. You will work closely with technical experts, legal counsel, and other global stakeholders, applying analytical and interpersonal skills to bridge operational and technical gaps. You will deliver program activities on time for successful assessments and audits.

What You'll Do

Key Responsibilities:

  1. Compliance Management: Facilitate audits and assessments to ensure compliance with relevant regulatory standards (e.g., GDPR, CCPA, PCI DSS, SWIFT, SOX). Support compliance activities and ensure compliance program activities are scheduled and effectively managed.
  2. Policy Development: Draft, update, and enforce compliance with IT security policies, procedures, and guidelines in line with global and regional regulations. Collaborate with business units to ensure policies are communicated and implemented effectively.
  3. Third Party Risk Management: Evolve and execute vendor security assessment processes. Review vendor security documentation, identify potential risks, and maintain vendor risk ratings. Collaborate with procurement and legal teams on vendor contracts and security requirements.
  4. Technical Control Implementation: Work with IT and development teams to validate technical security controls. Evaluate technical solutions for compliance with regulatory requirements. Follow and maintain control testing procedures and schedules.
  5. Collaboration: Liaise effectively with technical teams (e.g., IT operations, cybersecurity), legal (e.g., compliance officers, external counsel), and business teams to align compliance initiatives.
  6. Training & Awareness: Develop and deliver training programs to educate employees on security compliance and best practices.
  7. Documentation: Maintain accurate and up-to-date records of compliance activities, audits, and risk assessments.
  8. Continuous Improvement: Monitor and evaluate the effectiveness of compliance programs and recommend enhancements.
  9. Technical Communication: Communicate technical and regulatory specifications and requirements to non-technical personnel clearly and understandably.

Qualifications

  • Education: Bachelor’s degree or equivalent in Computer Science, Information Security, or a related field. An advanced degree is preferred.
  • Experience: 4+ years in IT security compliance, preferably in a global retail or eCommerce environment, with a proven track record of creating and reviewing compliance policies.
  • Technical Skills:
    • Strong knowledge of compliance standards like GDPR, CCPA, PCI DSS, SOX
    • Familiarity with risk management frameworks such as NIST, ISO 27001
    • Experience with cloud security platforms (e.g., AWS, Azure, Google Cloud)
    • Proficiency in security tools and technologies (e.g., FW/WAF, SIEM, DLP, IAM)
    • Familiarity with engineering development toolchains and capabilities
  • Soft Skills / Competency:
    • Proactive problem-solver who can identify compliance gaps early
    • Exceptional critical thinking and problem-solving abilities for complex issues
    • Strong interpersonal and communication skills for diverse stakeholder engagement
    • Adaptability and cultural sensitivity in a global environment
    • Proactive risk and opportunity identification
    • Attention to detail with excellent organizational and time-management skills
    • Ability to explain technical and compliance concepts clearly to non-technical audiences

Who You Are

  • Certifications: CISA, CISM, CISSP, or equivalent
  • Additional Experience:
    • Experience with Governance, Risk & Compliance (GRC) platforms
    • Experience with cloud security platforms (e.g., AWS, Azure, Google Cloud)
    • Experience conducting IT compliance assessments is a plus
    • Experience with data privacy regulations and frameworks (e.g., CPRA, ISO 27701)
    • Familiarity with DevSecOps practices and tools
