Information Security Manager

Counsyl is a health technology company that offers DNA screening for diseases that can impact men, women and their children. The Counsyl philosophy is simple: screen for diseases where advanced knowledge makes a difference in health outcomes, whether it’s changing a behavior, pursuing preventative measures, or simply preparing for what lies ahead.

Our focus is on leveraging industry security products, reducing risk, and hardening products and infrastructure. We are looking for a dynamic team member to support the compliance initiatives and security driven projects.

Counsyl is seeking an experienced Compliance Manager to join our team. The candidate will have solid information technology audit experience, with a deep interest in security controls and will be able to partner with stakeholders to implement process and program improvements. The role involves ensuring the alignment of products and operations with existing and new security compliance objectives, through IT controls assessments, security awareness, and policy building. Our ideal candidate must work well with management and engineering teams, paying close attention to risk levels and documentation. Candidates with experience in Cloud environments/technology or software industry are strongly preferred.

• Support the identification, validation and remediation of information technology controls required by Payment Cardholder Information Data Security Standards (PCI DSS), HIPAA, SOC 1 & 2, ISO 27001/2, and other applicable regulatory compliance frameworks
• Develop documentation and maintain security compliance policies, processes, procedures and standards
• Participate in the development and oversight of required corrective action plans relating to compliance issues
• Support business relationships with the internal partners and external auditors
• Identify, research and evaluate new compliance requirements and ensure they are incorporated into Counsyl’s security policy framework
• Assist with the education of process/control owners to ensure better understanding of the controls framework and their individual responsibilities
• Partner with internal teams to ensure successful security programs that align with compliance requirements

• Experience in 2 or more compliance frameworks and regulatory standards from the following: SOC2, ISO 27001, PCI, HIPAA, NIST
• 3+ years professional IT Security or Compliance experience
• Solid knowledge and experience of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
• Strong risk management and IT security skills, CISA, CISM, CISSP Certification
• Excellent written and verbal communication skills
• Ability to work efficiently with minimal oversight/direction as well as part of multiple project teams
• Highly organized and able to multi-task, with the ability to work individually, within a team, and with other groups
• Understand the technical implementation details necessary to assess and recommend security control improvements or identify mitigating controls