The Information Systems (IS) Compliance Manager leads our work to achieve relevant certifications such as SOC2 as well as compliance with regulatory frameworks such as GDPR, SOC2 and other relevant standards.
This role is to ensure that Canonical conducts its business processes in compliance with laws and regulations, international standards, and accepted business practice. This position is for an individual with the knowledge, drive and personal motivation to set up a strong governance framework in a fast-growing tech company, as well as help it achieve/maintain the necessary compliance certifications. It requires a background in IT internal audit and an appreciation of the challenges involved in driving security/compliance initiatives in a software engineering organization.
This role can be home or office based. Periodic international travel for training and business meetings is required.
- Shape and drive the company's information security risk management and internal control framework
- Maintain and develop information security policies, and verify compliance with those policies
- Work with our Legal team to respond to internal and external information security compliance issues
- Collaborate closely with leaders to understand their security, privacy and compliance requirements
- Make sure that customer data is safeguarded and used ethically and responsibly
- Organize and conduct Risk/Privacy/Compliance training and assessments
- Educate and inform employees about our practices and standards
- Manage internal and external audit and testing programs, reporting risks that need correction
- Prioritize compliance work
- Coordinate activities with external consultants and internal stakeholders for quality compliance (e.g. ISO 9001, 15504)
- Review and respond to security questionnaires and contract questions from customers
Required skills and experience:
- Bachelor's degree (or equivalent) in Computer Science, Information Systems, or related field
- Familiarity with procurement compliance obligations, contractual security and privacy
- Experience defining and implementing appropriate methodologies for auditing, takedown processes and law enforcement
- Ability to be an ambassador for compliance policies and procedures within a highly technical software organization
- You can speak articulately about situational awareness, change management, and access control
- Demonstrated ability to explain risk assessments, actions needed, and cost implications
- General understanding of international privacy and compliance legislation, including the GDPR
- Experience working with legal, audit, and compliance staff
- Experience developing and maintaining policies, procedures, standards, and guidelines
- Experience driving risk-based decisions supporting business owner expectations and needs
- Affinity with Open Source software with regards to compliance
- Knowledge and experience of applicable frameworks and regulatory requirements, e.g. ISO 2700x, PCI-DSS, NIST
- Technical or engineering background, including software development, scripting, networking, and cloud architecture
Canonical is a growing international software company that works with the open-source community to deliver Ubuntu, the world’s best free software platform. Our services help businesses worldwide reduce costs, improve efficiency and enhance security with Ubuntu.
We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity we will give your application fair consideration.