AppD InfoSec Compliance Manager
Location: San Francisco, California, US
Area of Interest: Engineer - Software
InfoSec Compliance Manager
Information Security | San Francisco, CA
AppDynamics is an application performance monitoring solution that uses machine learning and artificial intelligence (AI) to provide real-time visibility and insight into IT environments. With our unique AIOps solution, you can take the right action at exactly the right time with automated anomaly detection, rapid root-cause analysis, and a unified view of your entire application ecosystem, including private and public clouds. Using AppDynamics, you’ll finally align IT, DevOps, and the business around the information that helps you protect your bottom line and deliver flawless customer experiences at scale.
What We Need
The AppDynamics Information Security Assurance group is seeking a strong team player who has the experience, skills, drive, and integrity to lead a highly talented InfoSec Compliance team. This hands-on leadership position will have a good degree of visibility and autonomy to build and improve assurance programs, lead and grow an existing operational team, up-level security posture, and drive process efficiency.
The primary mission of the InfoSec Assurance Organization is to build customer trust. This position is not a “check the box” compliance role but one that will drive improvements in security posture and produce the collateral that comes out of it, so that our customers can rest assured their data (and their customers’ data) is protected. Engendering trust - and keeping it - is an important element in helping our customers be successful using AppDynamics products, and it reduces our sales friction.
We are a lean but highly productive team that is scaling. This role is multifaceted so there's an opportunity to be involved with a variety of programs, initiatives, and processes that will lead to a positive impact in several Compliance, Certifications, and Audit areas. Communication and attention to detail are critical to be successful in this role.
- Bachelor's Degree in CS, Engineering, MIS, Cybersecurity, or a related field.
- 6+ years of experience managing compliance, certification, or GRC programs - preferably at a SaaS based software company.
- 3+ years of people management experience.
- Impeccable ethics, desire to roll up your sleeves, and a pragmatic view of security & compliance. Continuously balancing business needs with security posture.
- Deep understanding and experience developing, documenting, revising, and assessing security controls.
- Demonstrable experience in leading certification programs such as SOC 2 Type II, ISO27K, and FedRAMP.
- GDPR implementation experience.
- Demonstrated ability to stay current with international regulations that may affect certification controls.
- Understanding of Software Development Life Cycle (SDLC) to effectively implement controls in upleveling security posture.
- Strong program management background, outstanding attention to detail.
- Demonstrated experience with written and verbal communication skills to small and large teams.
- Ability to develop succinct presentation material on a range of Security and GRC topics.
- Ability to function in a fast-paced environment with minimal supervision.
- Must be organized, goal oriented, and a self-starter.
- Ability to adapt to changing business situations.
- US Citizenship required, since this position will be responsible for supporting FedRAMP certification and ongoing compliance monitoring.
What You Will Be Doing
- Manage team activities, goals, and drive results through a positive, supportive cultural environment.
- Contribute to the success of the team by performing the same hands-on activities and tasks as your team members, as needed.
- Exercise sound management practices and support a collaborative and productive environment.
- Developing on-boarding, training, and other instructive materials to support more junior team members.
- Demonstrated expertise in understanding mitigating controls at various levels - system, application/data, network, and process (manual or automated).
- Collaboratively create and implement cross functional process to help the team scale in handling volume growth and to reduce recertification time.
- Coordinating with various internal/external stakeholders to support various compliance initiatives (ISO 27001, SOC 2 Type 2, GDPR).
- Partnering with various cross-functional teams such as IT, Product Engineering, SaaS Operations to develop and improve security controls.
- Analyze and detail effectiveness of controls with various applications or processes. Develop plans for improvements of less effective controls.
- Developing and maintaining internal security metrics/reports.
- Contributing to Company wide new-hire and security awareness training programs.
- Owning and driving resolution of identified risks associated with the programs you are leading.
- Supporting the Risk process to quantify, and in some cases, own or help treat various risks that may arise in the course
- Experience as a 3rd party/external auditor or in an Internal Audit capacity in the past.
- CISA, CRISC, CISM certification is a plus.
- CISSP a big plus.
- Experience in implementing privacy controls, domestically and internationally.
- Experience with FedRAMP and/or FISMA.
- Experience interacting with all levels of management and departments within the company, as well as with vendors.
- Must have the ability to work on multiple projects and processes with tight deadlines.
- Strong problem-solving and analytical skills and the ability to manage through challenges.
- Possess high integrity and proven trust to manage highly confidential information.
- Exceptional organization and prioritization abilities.