This role reports to the Director of Information Security and is responsible for supporting the business in fulfilling security information requests associated with Proposals (RFP), questionnaires, sales questions, third party risk assessments and audits.  Reviews client contracts and provides suggested alternatives regarding client requested contractual security requirements.  Collaborates with Sales, Legal, Customer Success and Engineering to build and maintain an in-depth understanding of each areas environment and security controls to ensure timely and accurate responses to security information requests.  Determines what information can be shared with clients and external parties at different phases of the client relationship to provide assurance with the Security Program, without compromising the IT Security posture of the organization.  Performs risk assessments on third party vendors to ensure compliance to company security policies.

Key Responsibilities:

Client security risk assessments

·       Lead role to review and edit security questionnaires and RFPs as well as fielding questions from sales detailing security capabilities.

·       Lead client and third party security meetings reinforcing the businesses security and compliance program.

Contract reviews 

·       Hands on iterative review of security/compliance aspects of new and renewed customer contracts.

·       Provides suggestions and contract redlines regarding what security terms we can accept from clients.

Third Party Risk Management

·       Lead vendor and third party risk management practices

Internal Risk Assessments 

·       Perform risk assessments related to infrastructure, platforms and applications

·       Configure and implement tools to manage and monitor internal risks

Minimum Experience:

·       Contract Management, Information Technology, IT Risk, IT Audit, InfoSec or similar experience required.

·       Excellent attention to detail required and strong issues spotting, drafting and communication skills required.

·       Experience in contract language and ability to redline and edit.

·       Must be client service focused with ability to successfully partner with internal stakeholders.

·       Must be able to multi-task and independently manage workflow / priorities and solve problems within company guidelines.

Preferred Experience:

·       Knowledgeable in security best practices (ISO 27001, SOC 2, HIPPA, etc.)

·       Knowledgeable of privacy best practices (Privacy Shield, GDFR, Safe Harbor, etc.)

·       Familiarity with systems and tools including: IDS/IPS, HIDS, SIEM, AV, vulnerability assessments, etc.

·       CISSP, CISM/CISA, CRISC or other industry InfoSec certification a plus

About Convercent:

Robust. Agile. Collaborative. And you should see our software. Bringing the transformative power of the cloud to the compliance and ethics industry, Convercent's award-winning SaaS solution empowers our customers to be more effective and efficient in managing their compliance efforts. With an inclination towards innovation, Convercent is helping our customers raise the standard--and expectations--for how companies safeguard their financial and reputational health.