Information Security Compliance Manager

Description

The Information Security Compliance Manager is responsible for developing, implementing, and maintaining an enterprise-wide compliance program for PCI DSS, SOC 2 Type II, FISMA, and other compliance expectations as needed. This role bridges technical security controls with regulatory requirements, ensuring that systems and processes protecting cardholder data, customer data, patient data and federal information are secure and auditable. 

Requirements

Key Responsibilities of the Position 

Strategic Compliance & Governance

• Own and lead the overall compliance roadmap for PCI, SOC 2, HIPAA, and FISMA.
• Develop, update, and implement comprehensive information security policies, standards, and procedures.
• Translate complex regulatory requirements (NIST 800-53 for FISMA, PCI DSS Council standards) into actionable technical and operational controls.
• Provide regular compliance status reports, risk dashboards, and metrics to senior management and stakeholders. 

Audit Management & Assessmen

• Act as the primary point of contact for external auditors (QSAs, CPA firms) during PCI audits, SOC 2 examinations, and federal assessments.
• Facilitate end-to-end audits, including scoping, walkthroughs, documentation gathering, and remediation tracking.
• Perform internal gap analyses to identify vulnerabilities in security controls and initiate corrective action plans (CAPAs). 

Operational Risk & Monitoring

• Monitor daily adherence to security policies (e.g., firewall configuration, access controls, log management).
• Oversee third-party vendor risk management to ensure vendors handling data are compliant.
• Coordinate penetration testing and vulnerability scanning (ASV scans) to identify compliance gaps. 

Training & Awareness

• Assist in development and management of training programs to ensure employees understand PCI, SOC 2, FISMA, HIPAA, and other requirements.
• Foster a culture of security awareness, ensuring that compliance by design is integrated into development and IT operations. 

Requirements of the Position 

• Education: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field.
• Experience: 5+ years of experience in IT compliance, information security, or auditing, with specific experience managing PCI and SOC 2/FISMA.
• Certifications (Highly Desirable): CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), or PCIP/ISA (PCI Internal Security Assessor).
• Technical Knowledge: Deep understanding of NIST 800-53, PCI-DSS, and SOC 2 Trust Service Criteria (Security, Confidentiality, Availability).
• Knowledge of AWS and serverless architecture helpful

Preferred Skills: 

• Exceptional analytical, organizational, and project management skills, with the ability to articulate technical security concepts to non-technical stakeholders. 

Top Challenges

• Complexity: Balancing the distinct, sometimes conflicting, requirements of three separate frameworks.
• Dynamic Threats: Keeping up with evolving cyber threats and updating controls to meet new, stricter standards.
• Cross-Functional Collaboration: Coordinating with IT, engineering, legal, and HR to ensure adherence across all departments.

What RevOne Offers

• Salary range of $100,000 per year to $150,000 per year, based on experience and qualifications
• Competitive benefits package (details provided during interview process)
• Paid time off and holidays
• Professional growth opportunities within RevOne Companies
• Collaborative, team-oriented, in-office work environment

If you are a motivated and organized professional with a passion for compliance, we would love to hear from you! Apply today to join our team as Information Security Compliance Manager!

Location: Greenwood, IN

Work Arrangement: In-Office – Require

Salary: Salary range of $100,000 per year to $150,000 per year, commensurate with experience
Employment Type: Full-Time