Come work for a SaaS company that is a leader in the automotive repair industry and has the stability that only a 100+-year-old company can offer.
We are Mitchell 1, a division of Snap-on Inc. For over 100 years, Mitchell 1 has been a leader in providing information solutions that simplify everyday tasks for automotive professionals — helping make their jobs easier. Through the years, Mitchell 1’s products have evolved to keep pace with the industry and technological advances.
We are looking for an IT Security and Compliance Manager. This is a hands-on role in Mitchell 1’s information technology and cybersecurity compliance program.
Under the direction of the Director of Information Technology, the IT Security and Compliance Manager will be a process owner and the central point of contact, internally and externally, for IT compliance, controls, and reporting.
Responsibilities:
- Assures that information security compliance activities support business objectives, are consistent with regulatory standards and security framework best practices, and adhere to enterprise policies and internal controls
- Provides risk guidance for IT projects, including evaluating and recommending technical controls
- Functions as the primary contact for internal and external inquiries regarding data security and compliance, and performs and delegates work accordingly
- Establishes and maintains inquiry process flow and documentation
- Coordinates operational compliance reviews with internal and external auditors and IT subject matter experts to ensure the accuracy of questionnaire and audit responses
- Creates, tracks, and maintains internal repositories and reports regarding compliance reviews, inquiries, responses, and evidentiary demonstration of compliance. Reports compliance gaps and tracks remediation activities
- Performs, maintains, and produces self-assessment reports for SOC 2 Type 2, NIST Cybersecurity Framework, and ISO 27001, and engages with internal and external parties for attestation and certification
- Responsible for aspects of the DR/BC program, including ensuring that data replication, backup, and off-site storage policies meet organizational RTO/RPO requirements. This includes establishing, continuously improving, and reviewing DR/BC playbooks
Requirements:
- Must have extensive knowledge of IT governance and IT risk management frameworks and concepts
- Extensive experience and knowledge of regulations and/or contractual obligations including TISAX, SOC 2 Type 2, NIST Cybersecurity Framework, ISO 27001, PCI, and Sarbanes-Oxley
- Experience implementing, achieving, and operationally maintaining SOC 2 Type 2 and ISO 27001 compliance
- Must have strong oral and written communication skills
- Strong interpersonal and collaboration skills working in a team-oriented environment
Education/Certifications:
- Bachelor's degree in Cybersecurity or Computer Information Science
- Must have Certified Information Systems Security Professional (CISSP) and ISO/IEC 27001 Implementer security management certifications. Other network, security, and systems/network certifications are highly desired.
Experience:
- 5 years of cybersecurity experience directly related to the responsibilities and requirements listed
- Prior experience in a senior Information Technology Systems or Network Engineering role
- Prior experience managing a small team