Security and Compliance Lead
Flexspring
At Flexspring, you will have the autonomy and flexibility to tackle your role in a way that is right for you. We foster a learning culture that will allow you to develop new skills and progress in your career.
About Flexspring
Flexspring is the leading expert in data integration for HR applications. We work with various clients to build customized integrations to solve their specific HR business needs.
The Opportunity
Business is booming at Flexspring. We are looking for a Security and Compliance Lead to join our IT Operations and Information Security team. If you love to proactively solve problems, work in a fast-paced environment, flawlessly plan and execute projects as well as collaborate with a young, motivated, and diverse team, then we would like to meet you.
Responsibilities
Manage compliance activities and lead scheduled audits (SOC 2, GDPR, ISO27001);
Ensure that internal systems are compliant with the laws and regulations of different jurisdictions (USA, EU, Canada, UK, etc.);
Review and approve client contracts and DPAs;
Respond to current and prospective client inquiries and questionnaires pertaining to security, privacy, and compliance;
Review and escalate security alerts and notifications from Elastic, Google Workspace, and AWS Security Hub to the IT Operations team;
Oversee Vulnerability Management and Penetration Testing remediation efforts;
Create and conduct the annual Security Awareness Training for all staff;
Assist in the development and maintenance of security policies, plans, and procedures to meet regulations and industry best practices;
Assist with the enforcement of policy guidelines;
Collaborate with the IT Operations team to monitor, manage and resolve existing compliance and security issues;
Work on special IT projects as a project manager/coordinator.
What We Offer
Work from home. Enjoy flexible hours.
Work with cutting-edge technology in the growing field of data integration.
Own your success: Receive an attractive base salary, enjoy an empowering work culture, and apply your expertise to meaningful work.
Expect excellence: Collaborate, learn and grow with a high-performance team.
Support and coaching from some of the most engaging colleagues in the industry.
Required Skills and Attributes:
Knowledge and understanding of SOC 2, GDPR, and ISO27001;
5 or more years of experience in a Compliance, Security, or related domain;
Good understanding of Governance, Risk and Compliance (GRC) requirements for organizations;
Hold current or past CISA, CompTIA Security+ certification or equivalent experience;
Demonstrate initiative and ability to drive results with little oversight;
Broad technical knowledge of information security and compliance principles and processes;
Possesses the relational skills necessary to work effectively in a large corporate environment;
Must be able to communicate and facilitate meetings with technical and non-technical leaders;
Must demonstrate strong written and verbal communication skills and consistent follow-through in all efforts;
Experience in piloting an information security compliance audit either as an auditor or an auditee.
Nice to Have
Experience with the Scrut GRC Automation platform;
Bachelor’s degree in Computer Science, Information Technology or equivalent experience preferred;
Familiarity with SaaS and/or software businesses;
Written and spoken French is nice to have.