Compliance Manager in San Mateo, CA

$100K - $150K (Ladders Estimates)

Model N

San Mateo, CA 94401

Industry: Enterprise Technology
8 - 10 years

Posted 53 days ago

Model N (NYSE: MODN) is looking for a high-energy and mission-driven individual who can develop and be a passionate leader of a Compliance Program primarily focused on information security and data privacy. In this role, you will have the opportunity to work cross-functionally with every department within Model N, as well as with customers. We are looking for someone who can communicate clearly and effectively at all levels of the enterprise and has exceptional process management, writing and documentation skills. As the Compliance Manager at Model N, you will operate largely independently, but as a part of a small and agile Legal team.

Key Responsibilities:

  • Develop and maintain compliance program, primarily focused on information security and data privacy, including strategies, policies, SOPs, Work Instructions and process documentation
  • Assist Legal, Pre-Sales and customer security teams by taking ownership of audit and security-related topics such as security questionnaires, privacy and security contract riders, and vendor assessments
  • Coordinate with cross-functional security specialists from products, cloud ops, services and IT to manage high-priority information security initiatives
  • Manage and maintain SOC compliance activities and audits, including working with internal and external teams and auditors to ensure security audit readiness and addressing any questions or concerns about the reports or controls from inside or outside parties
  • Project manage internal and third-party security testing and assessments, including disaster recovery and penetration testing
  • Evaluate and analyze security incidents and determine response
  • Assist Product and Engineering teams on identifying, prioritizing and tracking product vulnerabilities
  • Understand the current regulatory environment and its implications for information security and data privacy compliance (Privacy Shield, GDPR)

  • Knowledge of SOC 1, 2 and 3 principles as well as relevant IT standards and norms (e.g., ISO27001)
  • Familiarity with OWASP Top Ten, SANS 25 issues and correlating application security findings
  • CISSP, CISA, ITIL, or other relevant certificates are a plus
  • Knowledge of SAST / DAST testing tools
  • Strong understanding of web applications, Cloud infrastructure security, risk assessment and disaster recovery
  • Able to document and design processes and workflows
  • 7+ years' relevant work experience
  • Strong project management and communication skills
  • Able to strike a sensible and practical balance between compliance risks and the need to do business
  • Highly poised, well organized, and able to prioritize a heavy workload and own outcomes
  • Self-starter; ability to problem-solve utilizing critical thinking and information analysis skills
  • Proficiency in MS Project / Excel / Word and PowerPoint is required

Valid Through: 2019-10-17