Minimum Qualifications:
- Experience supporting cybersecurity risk controls management programs with in-depth knowledge and experience of cybersecurity frameworks including ISO 27001, PCI-DSS, SOC 2, and other regulatory requirements
- Experience collaborating closely with engineers, business teams, and security partners, including incident response, red teams, and architects to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations
- Experience with the entire risk and controls monitoring lifecycle, including identifying, assessing, monitoring, and treating risk and control gaps
- Excellent communication skills with the ability to document, communicate, and report security assessments as well as the status of the implementation, effectiveness, and remediation of cybersecurity controls with product and business leaders
- Strong project management skills with the ability to lead and execute security assessment projects and initiatives on time with multiple stakeholders
- Ability to work in D.C. office for 5 days per week and be willing to travel to other offices with the flexibility to conduct virtual meetings, including international locations, as required to support business needs

Preferred Qualifications:
- Minimum of 5 years in Information Technology (IT) or Information Security (IS) compliance and controls programs in a global organization with in-depth knowledge and experience of cybersecurity frameworks such as ISO 27001, PCI-DSS, SOC 2, and other regulatory requirements
- Experience supporting complex audit projects in a cloud-centric environment with a strong aptitude to understand emerging technologies to assure regulatory and compliance requirements are met
- Experience engineering governance, risk and compliance solutions to help automate testing and compliance workflows
- CISM, CISA, CISSP, CCSP, SecurityX, CySA+, Security+, CRISC, CGEIT, GSEC, QSA, or other relevant certifications

Responsibilities:
As an SRR Compliance Management Specialist, you will be responsible for:
- Supporting the scoping and maturity of the cybersecurity compliance program to align with industry best practices and regulatory requirements including but not limited to ISO 27001, PCI DSS, and SOC 2
- Identifying and assessing cybersecurity risks, working with risk owners to develop risk treatment plans, monitoring and reporting on cybersecurity risks, and maintaining a cybersecurity risk register
- Leading control design walkthroughs and tests of operating effectiveness for product and business line controls against security requirements and compliance obligations
- Preparing and supporting control owners and process owners for internal and external audits by conducting thorough examinations of people, processes, technologies and key system configurations and helping identify best-in-class evidence
- Influencing and collaborating with key stakeholders to support, track, and report on remediation efforts for identified security control gaps
- Maintaining a global security controls library to include periodic updates and validation of security controls and owners
- Communicating with technical and non-technical stakeholders on cybersecurity risk and control topics and program-specific reporting