Full-Time Manager of Security and Compliance

• Lead, mentor, and manage team of direct reports responsible for cloud security and risk and compliance analysis.
• Develop and maintain policies, standards, processes, and tools that ensure cyber readiness, regulatory compliance, and operational excellence in alignment with business goals.
• Act as the company’s subject matter expert on industry regulations and provide compliance guidance to Ollion and our Client's. You'll also design and embed compliance processes into Client assessments, ensuring they’re executed effectively — whether handled in-house or through trusted partners.
• Uphold Internal Security Standards: Oversee Ollion’s IT’s infrastructure ensuring systems are secure, monitored, and maintained according to best practices.
• Mature the company's security program through proactive exercises, including annual penetration testing, disaster recovery simulations, and CSPM.
• Oversee the development, implementation, and enforcement of security policies and procedures, championing a Zero Trust architecture based on the principle of least privilege and Role-Based Access Control (RBAC).
• Lead the incident response process, determining severity, assigning resources, and ensuring swift containment of Security and compliance threats.
• Hands-on experience with security tools such as SIEM, DLP, endpoint detection and response (EDR), and vulnerability scanning.
• Proficiency with endpoint management solutions (e.g., Intune MDM, ManageEngine RMM) and ticketing systems (e.g., Freshservice).
• Manage and optimize security tools, including SIEM (Microsoft Sentinel), the Microsoft Defender suite, and secret scanning solutions for development environments.
• Lead and manage all compliance programs and audits
• Act as the primary liaison with external partners, including auditors and virtual CISO (vCISO) providers.
• Evaluate emerging technologies and lead strategic digital initiatives to enhance operational efficiency and business agility.
• Manage relationships with external vendors and technology partners; negotiate contracts and ensure service levels are met.
• Undertake any other duties of a similar level and responsibility as may be required from time to time.

• 5+ years of experience in a Security or Compliance role, with at least 2 years in a leadership position managing a technical team.
• Understanding and experience in Cloud Technologies. Should possess general familiarity across all three major CSPs (GCP, AWS and Azure).
• Proven track record of successfully leading and passing audits for major compliance frameworks (e.g., SOC 2, ISO 27001, ISO 42001 and ISO 27090)
• Strong and practical knowledge of industry adopted frameworks and methodologies (MITRE ATT&CK, CIS, NIST, ISO, etc.)
• Experience in systems such as Microsoft Sentinel, Microsoft Defender Endpoint and Cloud Apps, Microsoft Entra, and Google Administration.
• Strong knowledge of networking, identity access policies, and security best practices for cloud-based environments.
• Communication skills: Excellent verbal and written communication skills to effectively interact with customers, internal teams, and stakeholders.
• Problem-solving skills: Strong analytical and problem-solving abilities to identify and resolve issues and challenges, efficiently and timely.
• Time management: Effective time management skills to lead complex, cross-functional technology projects and various other tasks simultaneously.
• Proactive approach: Being proactive in identifying potential issues, opportunities for improvement, and going the extra mile to ensure Ollion’s success.
• Team player: Collaborating effectively with other teams within the organization, such as sales, marketing, customer support, and product development.
• Adaptability: Being adaptable to evolving business needs, unplanned security challenges and embody a collaborative “all hands on-deck” mentality when necessary.
• Exceptional written and verbal communication skills, with the ability to explain complex technical concepts to non-technical stakeholders
• Demonstrated experience in developing and managing departmental budgets and negotiating with vendors.
• Security certification(s) CCSP, CISSP, CISM, CompTIA Security+, CompTIA PenTest+, GIAC Information Security Fundamentals (GISF), GIAC Security Essentials (GSEC), (ISC)² Associate, (ISC)² Systems Security Certified Practitioner (SSCP), ISACA Cybersecurity Fundamentals Certificate, (Security+, ISC2, ISACA, CompTIA), Risk Management (CRISC)
• B.S. in Computer Science, Information Technology, Information Systems, or IT Management.
• Ability to work in a fast paced team environment

What is the last date for applying to the job?

Which countries are accepted for this remote job?