Manager, Security Risk & Compliance 8/27/2016

Saba Software Redwood Shores, CA

Company: Saba Software
Job Classification: Full Time
Company Ref #: 10248
AJE Ref #: 575994091
Location: Redwood Shores, CA
Experience: Mid-Career (2 - 15 years)
Job Type: Regular
Education: Bachelors Degree

JOB DESCRIPTION

The Security Risk and Compliance Manager is responsible for managing all compliance related activities within the Saba platform and supporting other global compliance related initiatives. Compliance activities will include coordinating internal and external assessments/audits, contributing to policy and standards updates, developing compliance framework and producing compliance reports, metrics, scorecards and dashboards. This position will require some technical background with appropriate security training/skills.

* Lead, manage and improve security compliance program for Saba
* Coordinate external audits, third party penetration tests and customer assessments of Saba platform
* Develop compliance strategy in alignment with business requirements, objectives and metrics
* Translate legal, statutory and contractual obligations into a cohesive collection of processes and provide the respective stakeholders with the compliance requirements and methodologies
* Interface with management and partner with groups such as development, operations and service delivery on how to best improve security compliance and reduce risk
* Use key business measurements to identify and drive process improvement opportunities for compliance and risk management
* Review and update security policies and standards on a regular basis to address new threats, new industry practices, requirements and standards based on security and compliance requirements
* Coordinate regular system and network audits, reviews, and tests to verify compliance with security policies and standards
* Conduct and/or interpret network, system and application vulnerability assessments and track through to remediation
* Monitor internal and external security advisories that impact security, risk and compliance requirements
* Support the implementation of security controls and recommend areas for risk reduction
* Support RFP and contractual agreements process in assessing security requirements from potential customers
* Develop and enhance an information security, risk & compliance management framework based on CobIT/Risk IT, NIST, ISO and CSA CCM/STAR
* Manage updates to the external and internal security portals
* Assist and improve security awareness program
* Assist and improve governance activities
* Evaluate suspected security breaches, work with subject matter experts, and recommend corrective actions

Skills & Experience:

* 5-8+ years of experience in information security, compliance, audit and/or risk management
* 5-8+ years of experience in information technology environments
* End-to-end security experience including web, application, network, OS and database
* Knowledge of security issues, trends, best practices
* Familiarity with audit, business and segregation of duties, risks, and controls
* Ability to foresee and identify mitigation strategies for risks
* Knowledge of security legislation/industry standards such as SSAE16/SOC2, ISO 27001/27018, PCI-DSS, HIPAA, NIST, 21 CFR Part 11 and CSA CCM/STAR desirable
* Working knowledge in one or more privacy laws such as GLBA, HIPAA, EU DPA, UK DPA, FCRA, Safe Harbor/Privacy Shield desirable
* Excellent communication and presentation skills
* Ability to communicate well up to line management and also motivate technical teams
* Ability to work autonomously with flexibility and excellent judgment
* Ability to work effectively under pressure to meet deadlines
* Ability to solve problems quickly and automate processes
* Ability to work cooperatively as part of a team
* Bachelor's degree in computer science, information technology or other related major required
* CISSP, CISM, CRISC and/or CISA desired

Saba is an Equal Employment Opportunity Employee. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact Saba Software at (650) 581-2659 for assistance.

Excellent Benefits: We offer all employees a comprehensive benefit plan, 401K, generous vacation/time off and much more.

Saba does not accept resumes from headhunters, placement agencies or other suppliers that have not signed a formal agreement with us. Our supplier base is restricted to specified hiring needs. Therefore, any resume received from an unapproved supplier will be considered unsolicited, and Saba will not be obligated to pay a referral or placement fee.

ABOUT SABA:

Saba helps organizations transform the way they work by enabling the continuous learning, engagement and development of everyone in their people network, including employees, partners, and customers. Supporting the new world of work, Saba delivers learning, performance, succession, career development, workforce planning and compensation solutions that incorporate modern technologies such as social, collaboration, mobile and gamification. Saba solutions are based on the Saba Cloud platform, a highly scalable architecture that exceeds industry scalability, performance, and security standards. With 2,200 customers and 31 million users around the globe, Saba helps the world's best-known and most innovative brands adapt to the future of work by continuously developing, engaging and inspiring their people. In turn, these smart, innovative and forward-looking organizations push Saba to continuously innovate, improve and scale solutions and technologies to help them deliver business results and achieve business transformation. Fifty-one percent of the Fortune 100 rely on Saba to manage their mission-critical learning and talent management processes. Saba's customer base includes major global organizations and industry leaders in financial services, life sciences and healthcare, high tech, automotive and manufacturing, retail, energy and utilities, packaged goods, and public sector organizations.