The IT Compliance Program Manager plays a key role in Conga’s ability to achieve compliance with regulatory and contractual obligations. The IT Compliance Manager collaborates with other cross-functional teams to create, maintain, enhance, and enforce Conga’s IT compliance objectives.
You will be responsible for working with stakeholders across the company to roll out and update policies, establishing processes for evidence collection, and working with internal and external auditors to collect, evaluate and manage compliance evidence.
In addition to project management responsibilities, you will be responsible for conducting internal assessments and testing IT controls to ensure compliance readiness. You will evaluate the assessment results, identify gaps, and drive remediation. We will also rely on you to identify and manage opportunities and initiatives to improve the efficiency, effectiveness, and quality of governance processes and departmental documentation.
- Participate in and support ongoing compliance initiatives, including performing risk assessments, documenting controls and processes, and conducting control testing to ensure the continued effectiveness of Conga’s internal control environment and its alignment to frameworks such as ISO 27001, PCI, SOC, HIPAA, GDPR, etc.
- Provide support for external and internal information security audits by ensuring on-time delivery of audit and compliance artifacts and evidence to key groups and individuals
- Manage and maintain compliance documentation, including policies, procedures, supplemental materials, and annual documentation reviews
- Work with subject matter experts in various departments to create and document new processes and documentation
- Collaborate with cross-functional teams to drive remediation efforts on identified risks and deficiencies
- Assist in annual planning and maintenance of the risk control matrix for in-scope applications and controls
Experience, Skills, Competencies
- Bachelor’s Degree in Computer Science, Engineering, or other relevant subject areas, or equivalent experience
- Minimum of 5-7 years of experience in an audit or compliance capacity.
- In-depth knowledge of one or more compliance frameworks such as ISO 27001, SOC, PCI, HIPAA, etc.
- Knowledge of privacy frameworks such as GDPR, CCPA, etc.
- Experience in using GRC tools such as ZenGRC
- Industry experience in the SaaS environment is a plus
- Detail-oriented and proactive, with strong project management and communication skills
- Ability to partner with cross-functional leaders and provide recommendations to optimize processes and solutions