Information Security Manager

Skills

Description

We are currently seeking technical professionals with recent, strong Data Security and Compliance experience. This role will be instrumental to the success of our digital transformational efforts in the Data Engineering and Platforms space.

Responsibilities

• 1. Security Controls Implementation: Implement and maintain security controls across Snowflake data platform and Data Ingestion platforms including access controls, encryption, network security, and vulnerability management.
• 2. Compliance Management: Monitor and ensure compliance with relevant industry standards, regulations (e.g., SOX, GDPR, HIPAA), and internal security policies.
• 3. Risk Assessment: Conduct risk assessments on data platforms to identify potential vulnerabilities and threats. Provide recommendations and implement remediation measures to mitigate risks.
• 4. Incident Response: Collaborate with incident response teams to investigate and respond to security incidents related to data platforms. Develop incident response plans and participate in incident response exercises.
• 5. Security Audits and Assessments: Participate in security audits and assessments to evaluate the effectiveness of security controls and identify areas for improvement. Address findings and implement necessary changes. Will work with Internal and external auditors to provide evidence required for compliance.
• 6. Security Awareness and Training: Develop and deliver security awareness and training programs to educate employees on data platform security best practices.
• 7. Documentation and Reporting: Maintain accurate documentation of security controls, policies, and procedures. Generate reports on security metrics, compliance status, and incidents for management and stakeholders.
• 8. Security Strategy: Contribute to the development and execution of the organization & data platform security strategy. Stay updated on emerging threats and security technologies to recommend improvements.
• 9. Conduct regular security audits and participate in SOX compliance audits, providing reports and recommendations for enhancements.

Educational Requirements

• 1. Education: Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications such as CISSP, CISA, or CISM are desirable.
• 2. Experience: 7+ years of prior experience in information security, compliance, or a related role. Familiarity with data platforms – Snowflake, Delta Lake, cloud computing, and security technologies is preferred. Hands-on Experience with SnowSQL, Snowpipe and Notebooks is desirable.
• 3. Knowledge: Strong understanding of security controls, risk assessment methodologies, and compliance frameworks (SOX, GDPR and general ITGC controls).
• Knowledge of data protection laws and regulations is essential.
• 4. Technical Skills: Proficiency in implementing and managing security controls within data platforms. Familiarity with Role Based and Fine-Grained Access Controls, security tools, vulnerability scanning, and log management systems.
• 5. Analytical Skills: Ability to assess risks, analyze security incidents, and provide recommendations for improvement. Strong problem-solving skills to address security challenges.
• 6. Communication: Excellent written and verbal communication skills. Ability to collaborate with cross-functional teams, Internal / External auditors and effectively communicate complex security concepts to technical and non-technical stakeholders.
• 7. Attention to Detail: Strong attention to detail to ensure accurate documentation and compliance with security standards.
• 8. Continuous Learning: Proactive approach to stay updated on emerging security threats, technologies, and industry best practices.
• The Senior Compliance Engineer for Data Platforms plays a critical role in safeguarding the confidentiality, integrity, and availability of data within an organization. They ensure compliance with regulatory requirements and industry standards while implementing robust security controls to protect data platforms against evolving threats.