Description:
The Product Security Compliance team is looking for a highly motivated and experienced Senior Compliance Program Manager to join our team. The team is growing and we have a big vision. This role is a key driver in navigating complex, multi-layered compliance initiatives. This includes building relationships with the teams we work with most closely, writing, reviewing and improving process documents, and collecting appropriate evidence. Red Hat embraces a remote working culture and promotes work flexibility. This team, and many of the people you would work with, are remote and you would be welcome to work from home as well.
What You Will Do
- Work with vendors, including assessors and other third party organizations.
- Set a path forward for your assigned compliance goals, be it internal audit, SOC, PCI, ISO, DORA or CRA.
- Develop and maintain detailed project plans to meet compliance objectives.
- Drive the audit and certification process forward, in many instances, multiple audits are at different stages.
- Use your knowledge to help us identify novel solutions to meeting specific controls and requirements.
- Improve our current methodology, tracking, documentation, and reporting processes.
- Partner with cross-functional teams, including IT, Legal, HR, and Finance, to ensure a cohesive approach to compliance and risk management across departments.
- Work with InfoSec and Global engineering to share information and improve processes.
- Stay informed on evolving regulations, security threats, and compliance technologies, making recommendations to improve compliance processes and security measures.
What You Will Bring
- Program Management Expertise: Minimum of 3-5 years of hands-on experience managing complex, technical compliance programs and leading both internal and external certification audits.
- Deep, practical familiarity with the types of technical evidence required for various audits.
- Knowledge of cloud security practices and technologies is essential.
- Excellent communication and leadership skills, with the ability to influence and work effectively with stakeholders across all levels.
- Strong analytical skills for assessing compliance risks, identifying vulnerabilities, and implementing solutions.
- Familiarity with security technologies and cybersecurity practices to include automation.
- Professional certifications such as CISSP, CISM, CRISC, or CISA are preferred.