Security Compliance Lead
Given the growth of Rapid7 and the Insight platform, it's more important than ever to ensure we're building an organization and applications our customers can trust -- and customer trust is enabled by compliance with regulations and external security certifications. That's why Rapid7’s information security team is looking for a new Security Compliance Lead who has the enthusiasm and expertise to move our program to the next level and exceed our customers’ expectations.
Success in this role requires creative problem solving and customer focus. You won’t take a “check-box” approach to security compliance. Instead, you will use compliance to push Rapid7’s security maturity forward in a meaningful way.
You’ll join us in our brand new North Station HQ and work with an energized team that cares deeply about the success of these initiatives, and leadership that values work-life balance, an inclusive culture, and your ongoing career development.
Location: Boston, MA
Demonstrated success in managing/overseeing multiple projects simultaneously and providing leadership to others working on the projects you manage
Demonstrated success in guiding an organization’s security compliance strategy
Familiarity with privacy regulations, such as GDPR and the California Consumer Privacy Law
Familiarity with cybersecurity frameworks and standards, such as NIST, ISO, SOC 2, FedRAMP, PCI, and SOX
Bachelor’s or Master’s degree in information security, computer information systems, or a related field
Establish and maintain Rapid7’s information security compliance and privacy roadmap
Requires analyzing industry best practices and guidance along with information from customers, go-to-market teams, engineering, and other stakeholders to determine what compliance and privacy initiatives should be prioritized and how they should be staffed
Lead security compliance projects, including the annual SOC 2, SOX, and PCI audits, and initiatives to align with additional frameworks (e.g. audits, control design, control validation, gap assessments, and remediation projects)
Requires selecting and overseeing work with external auditors/consultants
Requires building strong relationships with Rapid7 teams and guiding their efforts to meet objectives
Partner with Legal to establish and maintain data privacy procedures
Partner with the Legal team to draft, review, and negotiate customers’ data privacy agreements, business associate agreements, and vendor minimum control requirements
Address questions about Rapid7’s internal security program from customers, prospects, and auditors
Assist in third party risk management efforts by performing security assessments of potential Rapid7 partners/vendors
Serve as a security compliance subject matter expert, addressing questions from Rapid7 product managers, customers, and other stakeholders
Flexible work hours
Brand new TD Garden office location