Information Security Compliance Specialist

Ridgeline’s Compliance Specialist will have a unique opportunity to define and drive all compliance initiatives from the ground up.

In this position, you will work directly with the Chief Security Officer and collaborate with other business leaders and teams to define, design, document, and implement appropriate policies, controls, and procedures. You will play a critical role in our journey to meet several regulatory and compliance standards, beginning with SOC 2 and ISO 27001. You will coordinate both internally and externally as needed to perform assessments and demonstrate our controls to external auditors.

Key Expectations
  • Implement and maintain a policy and compliance framework
  • Draft security policies and document controls and procedures
  • Execute readiness assessments/control testing
  • Work with process and control owners to help them understand audit requirements and audit results, identify remediation options, and prioritize their closure
  • Assist the CSO and leadership team in the development of the appropriate security documentation, including system security plans, information security policies, and risk assessment procedures
  • Assist management in assessing security impact on changes to systems and applications
  • Think creatively, own problems, seek solutions, and communicate clearly along the way
  • Contribute to a collaborative environment deeply rooted in learning, teaching, and transparency

Desired Skills and Experience
  • Bachelor's degree in Computer Science or Management Information Systems
  • 5+ years working in the information security compliance space, or relevant compliance consulting experience
  • Experience in regulatory and compliance standards such as SOC 1 and 2, ISO 27001, GDPR, etc.
  • In-depth knowledge of security frameworks and best practices, such as CSA CCM, NIST, COBIT, and Trust Criteria
  • Hands-on experience in performing readiness assessments and audits
  • Experience in both creating a program for and performing information security risk assessments and treatment plans
  • Understanding of technical and procedural practices needed to satisfy controls
  • Strong program/project management skills 
  • An aptitude for problem-solving
  • Ability to communicate effectively with colleagues at all levels
  • Serious interest in having fun at work

Nice-to-Haves
  • Experience with public cloud compliance
  • Certificate of Cloud Security Knowledge (CCSK)
  • Certified Information System Auditor (CISA)
  • GIAC Security Essentials (GSEC)

About Ridgeline
Ridgeline was founded by Dave Duffield in late 2017 to develop enterprise software for the investment management industry. Headquartered in the Lake Tahoe Basin, Ridgeline’s employees enjoy the lake-in-the-mountains setting and quality of life the location offers.

These company core values guide our collective and individual behavior, decisions, relationships, and points of view: Employees, Customers, Integrity, Innovation, Fun, and Profitability. If these values frame what’s important to you, perhaps you’re one of us.

Ridgeline is proud to be a community-minded, discrimination-free equal opportunity workplace.

Please contact careers@ridgelineapps.com for additional information.
