Compliance Manager - Product Security Compliance & Risk Team

About the job

The Product Security Compliance and Risk team is looking for an experienced Compliance Manager to join our team. The team is growing and we have a big vision. We need somebody who can take the initiative to drive compliance efforts forward. This includes building relationships with the teams we work with most closely, writing, reviewing, and improving process documents, and collecting appropriate evidence.

Red Hat embraces a remote working culture and promotes work flexibility. This team, and many of the people you would work with, are remote and you would be welcome to work from home as well. Successful applicants must reside in a country where Red Hat is registered to do business.

What you will do

• Work with vendors, including assessors and other third party organizations
• Set a path forward for your assigned compliance goals, be it internal audit, SOC, PCI, or ISO
• Develop and maintain detailed project plans to meet compliance objectives
• Drive the audit and certification process forward, in many instances, multiple audits are at different stages
• Use your knowledge to help us identify novel solutions to meet specific controls and requirements
• Improve our current methodology, tracking, documentation, and reporting processes.
• Work with our partner groups to ensure they’re following processes
• Work with InfoSec and Global Engineering to share information and improve processes

What you will bring

• Proficiency in managing both internal and external audits to ensure regulatory compliance
• Experience in overseeing audits, including ISO 27001, SOC2, PCI, and HIPAA, with a keen understanding of the necessary evidence
• Knowledge and practical application of cloud technologies, particularly AWS and/or Azure
• Proven ability to facilitate collaboration among various stakeholders, including internal teams and external vendors, to achieve collective objectives
• Track record of successfully leading and delivering large-scale projects
• Holder or active pursuer of security certifications such as CISSP, CISM, CCSP
• Excellent written and verbal communication skills in English