Security Compliance Manager

Avesta Computer Services
June 26, 2019
San Francisco Bay Area, United States
About the client:

Our client is transforming the mortgage industry with an innovative and integrated platform that’s streamlining the entire digital lending experience. We believe that home lending should be a fair, fast, and transparent experience. Our software is used by banks across the country to improve lending experiences every day. We are a team of innovative thinkers on a mission to reinvent the lending experiences so people can accelerate their future. 

As a Security Compliance Manager, your mission will be to ensure that the environment and customer data remain secure. This is a hybrid role in that you will use your expertise to proactively test various security controls in cloud infrastructure and monitor/respond to security threats from various sources. You will also ensure all internal and external stakeholders, including employees, customers and partners, are well informed on security policies and practices.


  • Gather and analyze information security requirements from various sources including, but not limited to, ISO, SOC, NIST, GDPR, GLBA, and customer or 3rd party audits
  • Define and manage internal security policies, processes, and standards
  • Advise on information security controls based on the identified security requirements and defined security policies and standards
  • Monitor, test and enforce the effectiveness of those security controls against defined security policy and processes
    • Perform audits to ensure the security controls are being followed as defined
    • Assist with customer and 3rd party audits in security-related areas
    • Enforce and drive remediation of any identified deviations or control gaps, whether generated by internal audit, customer audit or 3rd party audit
    • Collect metrics to measure the effectiveness of the security controls
  • Manage information security risk acceptance, exceptions, and deviations
  • Increase employee security awareness via training and exercises such as phishing attack simulation
  • Assist with supplier security assessments
  • Engage with information security marketing and sales activities
    • Provide security-related marketing materials
    • Review and respond to customer security inquiries via questionnaire, etc.
    • Advise on negotiation of contractual security requirements
    • Present to customers on information security programs


  • 3+ years of experience with security compliance including delivering security training
  • 3+ years of experience with AWS technologies and recommended security best practices
  • Excellent written and verbal communication; able to explain concepts to both technical and non-technical audiences
  • Excellent project and program management skills
  • Ability to prioritize multiple requests between security projects and greater business needs

Company Description

Avesta is a privately held technology consulting and staffing company established in 1994. We provide full life cycle technology services on a strategic staffing basis to our customers in the Financial, Pharmaceutical, Technology and Health Care sectors.
Our value proposition, combining top-quality and time-sensitive implementation of technology solutions, finds many of Avesta's customers viewing us as a strategic long-term partner.
Avesta believes in conducting business based on mutual growth, living up to the highest standards of ethics and values, and is known for our high customer satisfaction.
