Senior Security Compliance Associate
The Flexport Security team is growing and looking for a highly motivated security compliance specialist to join our team and drive regulatory and certification compliance requirements for our products. You will help to build and manage our security compliance program. You should be a technically experienced and innovative security, risk, compliance, and audit professional who can understand systems, security, and privacy processes, communicate with customers, and drive innovative process changes through multiple organizations and teams.
Key job responsibilities
- Understand and rationalize compliance requirements for service and device security.
- Provide business-specific interpretations and support automation opportunities
- Review security controls that are technical in nature, such as access controls, data encryption in transit and at rest, and auditing and logging user activity
- Engage with the Business and SMEs to ensure compliance with information security policies
- Liaise with auditors, articulate control implementation and impact, and establish considerations for applying security, privacy, and compliance concepts to a technical cloud environment
- Maintain control libraries and compliance requirements and guidance materials for various security standards and regulations
- Experience in reporting metrics and timelines, with effective project management skills.
- Provides input to privacy, disclosure, and confidentiality guidelines.
- Assists in the implementation of processes and procedures for compliance reporting and metrics activities.
- Researches best practices and innovative approaches to enable assessment and communication of compliance risk and metrics.
- 2-4 years of experience in security or compliance consulting or advisory work in support of a highly technical environment
- 2-4 years of experience in performing and/or participating in technical assessments in direct support of a major compliance effort (e.g. China information security-related law and regulations, GBT, NIST, SOC1, ISO, or ISO)
- 2-4 years of experience designing, implementing, and/or running technical GRC solutions
- Master’s degree in Information Security, Computer Science, Risk Management, Data security with 5 years of experience, or equivalent Bachelor’s degree with 5 years of experience.
- Experience working directly with security engineers, auditors, and development teams
- Excellent written and verbal English communication skills when engaging both technical and non-technical stakeholders
- Proficient Chinese reading and speaking skills