Join our gene pool.
Information Security & Privacy
Information Security and Privacy - Senior Compliance Manager
Mountain View, California, United States
23andMe is seeking a local professional with relevant healthcare, life sciences, and technology expertise to support the security and data protection function. The Manager will work closely with 23andMe security, privacy and engineering teams, attorneys, and the research team to support various business practices, focusing on genomic, consumer health, privacy, big data, consumer services, and informatics. Come join us in this newly created role!
Who we are
Since 2006, 23andMe’s mission has been to help people access, understand, and benefit from the human genome. We are a group of passionate individuals pushing the boundaries of what’s possible to help turn genetic insight into better health and personal understanding. We are looking for an exceptional, enterprising individual to join our privacy and security team.
We are looking for
The Information Security and Privacy Compliance Manager will be responsible to ensure the company operates in compliance with applicable security and privacy-related standards and requirements, and will demonstrate such commitment both internally and externally by driving continued compliance efforts. This includes maintaining and reporting on security controls required by NIST, HIPAA-HITRUST, GDPR, PCI, the FDA and other regulatory requirements and security and privacy compliance frameworks.
More specifically, the Security and Privacy Compliance Manager will be responsible for continuous improvement of the company’s security and privacy compliance posture through leading and taking an active part in all information security and data privacy-related audits, document control, certifications and compliance initiatives.
What you'll do
Lead and actively partake in company security and privacy certification and compliance initiatives
- Manage and maintain the privacy & security compliance program, including the EU GDPR
- Map, document, and maintain all security and privacy compliance requirements
- Monitor existing controls and conduct periodic audits and reviews to ensure their efficiency and operating effectiveness, to ensure that compliance requirements are met and to identify and report on potential issues
- Develop metrics to report on security and privacy compliance
- Lead the development and timely implementation of, and monitoring and reporting on required corrective action plans relating to security and/or privacy compliance issues or audit deficiencies or observations
Establish and conduct compliance reviews and audit initiatives in your program area and maintain documentation of compliance activities to support audit requests
Lead the development, review and implementation of security and privacy-related policies, guidelines and processes throughout the organization
Provide employee training on compliance related topics, policies, or procedures, as required
Maintain the privacy and data protection by design and by default program
- Collaborate with product management, product owners and project teams on security and privacy impact analyses and definition of security, privacy and compliance requirements relating to our products and services
- Collaborate with product management, product owners and architects in identifying, defining and prioritizing security-, privacy- and compliance-related product and operational improvements
Develop and implement risk management strategies to avoid compliance issues
- Develop and maintain a vendor risk management program
Influence Security peers and leaders across the company to adopt a risk-based mentality toward all day-to-day activities
Advise technical professionals on the implementation of privacy principals and security controls to meet security and privacy compliance requirements and best practices
Keep informed regarding industry changes, trends, and best practices and assess the potential impact of these changes on organizational processes
What you'll bring
- Bachelor’s degree in Information Systems, Accounting, Business or related field
- Minimum of 5 years of cumulative hands-on audit, security, privacy and compliance experience
- Professional certifications in the security, privacy, risk management and audit areas highly desirable, such as: CISSP, CRISC, CISM, CISA, CIPP, CIPT, CPA, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, ISO 27005 Risk Manager (CISA/CISM highly desirable)
- Solid understanding of security, privacy and compliance domains
- Field experience in leading multiple security and/or privacy audits and/or compliance initiatives, preferably in large audit firms
- Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change
- Intimate working knowledge of major governance frameworks such as ISO27001, PCI, SSAE16 (SOC2), BSIMM/MSSDL, and SOX.
- Artful communication skills and organizational savvy, to steer peers and leadership toward solutions that carefully balance business, risk, compliance, and engineering concern
- A fun and positive attitude!
23andMe, Inc. is the leading consumer genetics and research company. Our mission is to help people access, understand and benefit from the human genome. The company was named by MIT Technology Review to its “50 Smartest Companies, 2017” list, and named one of Fast Company’s “25 Brands That Matter Now, 2017”. 23andMe has over 5 million customers worldwide, with ~85 percent of customers consented to participate in research. 23andMe is located in Mountain View, CA. More information is available at www.23andMe.com.
At 23andMe we value a diverse, inclusive work force and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual’s race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws. 23andMe will reasonably accommodate qualified individuals with disabilities to the extent required by applicable law.
Please note: 23andMe does not accept agency resumes and we are not responsible for any fees related to unsolicited resumes. Thank you.