Salary: 80k-100k DOE
Information Security Compliance Manager
Simpatico Systems is currently seeking a Manager of Information Security Governance, Risk & Compliance. The candidate will oversee the development and life-cycle management of governance items such as policies, standards, controls, and compliance frameworks, as well as conduct and oversee risk-based compliance testing of internal controls, application controls, infrastructure systems, and information technology processes.
Primary Responsibilities:
- Assume responsibility for leading the development, management, and improvement of the cybersecurity Governance, Risk, and Compliance (GRC) practice.
- Lead the development, implementation, and maintenance of information security governance items such as policies, standards, and controls.
- Mature and maintain the policy lifecycle management process, ensuring security policies are reviewed and updated regularly and any exceptions are processed and monitored
- Develop and mature the various governance and compliance processes and functions, provide short and long-term roadmaps for increasing capabilities, and develop associated resource plans to properly staff for these enhancements
- Provide effective mentoring and guidance to other security personnel who may assist in developing policy, standards, and procedures.
- Foster relationships with client personnel to analyze, evaluate, and enhance information systems to develop and improve security at procedural and governance levels
Essential Functions / Key Areas of Responsibility:
NIST 800-171/Cybersecurity Maturity Model Certification (CMMC)
- Become a CMMC Registered Practitioner (RP) within the first 90 days
- Work collaboratively with customer business and IT/security staff to help them prepare for NIST SP 800-171 compliance and CMMC certification, including scoping, risk assessment, maturity assessment of current controls, risk/gap remediation plan development, remediation plan execution, System Security Plan (SSP) development, etc.
- Assess current compliance status against the DFARS-mandated NIST SP 800-171 controls, identify gaps, and develop remediation plans.
- Work with the CMMC/security team to lead efforts in developing secure solutions for business units that need to be compliant with DFARS requirements.
- Deliver recommendations for security enhancement activities that protect computer systems, networks, and data. This includes analyzing, testing, documenting, implementing/configuring, and supporting new security technologies and processes.
- Apply knowledge of risk assessment processes, and track and remediate issues identified in audits or assessments.
- Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines, and procedures).
- Evaluate technical controls and advise on appropriate solutions.
- Lead weekly project strategy and planning meetings with business leaders and IT.
To qualify for the role, you must have:
- A bachelor's degree in a related field and approximately 5 years of related work experience
- Experience in the following areas:
- Governance, Risk, and Compliance (GRC)
- Cybersecurity assessments
- IT and cybersecurity policies, standards, procedures, and controls
- Security strategies and roadmaps
- Cybersecurity metrics and reporting
- Cybersecurity organization design and implementation
- A strong background in security frameworks and standards such as ISO, PCI DSS, NIST, and cybersecurity laws and regulations such as HIPAA, FISMA, and GLBA
- CISSP, CISM, CISA, CIPT, CIPM, CRISC, or other relevant certification desired; non-certified hires are required to become certified within 1 year from the date of hire
- Strong presentation and communication skills, including the ability to present to directors and VPs
Specialized Skills and Technologies
Governance
- Strong knowledge of cybersecurity governance, regulations, and security frameworks
- Demonstrated understanding of a wide range of compliance and technology frameworks (NIST, ISO, Cloud Security Alliance (CSA), OWASP, CIS Benchmark, etc.)
- Ability to understand new laws and regulatory requirements and how they relate to company risk, information security, governance, and compliance
- Proficient in developing and maintaining governance items such as policies, standards, and controls
Compliance
- Expert-level skill in executing compliance control testing programs and processes
- Strong understanding of the implementation of effective control and/or mitigation options to manage security risks
- Skill in leading the process of Issues Management and associated remediation efforts
Leadership And Soft Skills
- Exceptional consultative and interpersonal skills that build business relationships of trust and confidence, and deliver results, at all levels of the organization
- Skilled at managing a team
Technologies
- Implementing and using GRC/IRM tools to manage GRC processes
- Knowledge of cloud security concepts and best practices
- Strong understanding of IT systems and supporting technologies
Remote work