Information Security Risk and Compliance Manager

Location: Pittsburgh, PA
Type: Full Time
Department: IT
Status: Open
Required Experience: Mid Level

Job Description

The Information Security Risk and Compliance Manager is responsible for implementing, maintaining and strengthening Panopto’s information security compliance programs through strategic planning and risk assessments. Working with key stakeholders, the Information Security Risk and Compliance Manager coordinates enterprise-wide compliance efforts relating to information security, vendor risk, records management, incident readiness, incident recovery management, and corporate information security, risk management, and privacy policies and standards.

About Panopto 

At Panopto, we believe that video is having a transformative effect on learning. So, we built a video platform that helps businesses and universities improve the way that they train, teach, and share knowledge. Since our founding in 2007, we’ve been a pioneer in video capture software, video content management systems, and inside-video search technology. We’ve been repeatedly recognized by Deloitte as one of the fastest-growing technology companies in North America, and by Gartner and others as a leader in video content management.

What you will do in this role

Strategy and Planning

  • In partnership with functional leaders throughout the company, develop, manage and set the company-wide strategy for Information Security compliance, including establishing goals and priorities, leading initiatives, and promoting awareness of those goals company-wide
  • Maintain the Information Security policies and standards, and communicate them regularly
  • Coordinate an annual SOC2 Type 2 audit
  • Lead the Security Council, a cross-functional team across the organization maintaining Information Security objectives and compliance

Communication

  • Ensure global staff remains knowledgeable of emerging information security trends and technologies through regular communications and training efforts
  • Lead incident readiness and incident recovery efforts and consult with senior management
  • Advise senior management of changes in the technical and legal requirements
  • Improve security awareness and instill a security-aware culture in the organization
  • Engage with customers to discuss the company’s security controls

Information Security Management

  • Ensure technology compliance with company-wide information security policies
  • Define and report on information security metrics
  • Define and approve architecture, policies, standards, guidelines, and any exceptions
  • Collaborate with architecture and infrastructure teams to define roadmaps and planned work

Operational Excellence

  • Review threat and vulnerability reports and security controls
  • Maintain awareness of IT/Security industry trends and emerging threats
  • Ensure security processes, practices and operations are in place and managed effectively
  • Lead efforts to create security standards and the development of security requirements
  • Collaborate with key internal partners to identify, prioritize and respond to risks
  • Oversee ongoing security monitoring and continuous improvement of information systems
  • Perform risk assessments and gap analyses, and implement recommendations

More about you

  • A bachelor’s degree in Computer Science or related field
  • Five years of experience in a technology, IT security and/or compliance role
  • Solid familiarity with cloud technologies, environments, architecture, and security
  • Experience in developing, implementing, and maintaining information security controls and policies
  • Proven project management and organizational skills, specifically managing multiple concurrent projects and/or clients
  • Certifications such as CISSP, CISA, or CISM, or the ability to obtain them, are preferred
  • Excellent analytical, problem-solving and decision-making skills, applied with a solution-focused attitude
  • Excellent verbal communication skills and experience influencing key stakeholders
  • Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy
  • Experience or familiarity with information security frameworks and standards such as ISO27001, ISO27002, SOC2 Type 2, Privacy Shield, GDPR, and NIST

We expect a lot and so should you

  • Opportunity to learn and stretch your capabilities
  • Market-competitive total compensation
  • Employee stock options
  • Employer-paid health benefits
  • Paid time-off and holidays
  • An award-winning work environment with free snacks, games, and great co-workers
