Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
5+ years of experience in compliance and controls program management.
Advanced knowledge of AICPA SOC 2, SOX, NIST CSF, HIPAA, GDPR, and/or ISO 27001.
Experience in leading audits and implementing automated compliance workflows.
Key responsibilities:
Develop and manage security compliance programs to adhere to regulations and standards.
Conduct risk assessments and oversee internal and external security audits.
Collaborate with cross-functional teams to define project scopes and deliverables.
Provide training on security and compliance requirements to promote awareness across the organization.
Wave is one-stop money management for small business owners. We empower small business owners to manage their finances fearlessly by offering the simplest financial management solution they can’t live without.
As an award-winning company, and one of the fastest-growing financial services software solutions, we are unwavering in our commitment to grow and support both our customers and our people. We care deeply and we challenge directly. We re-imagine the possible, together, to achieve extraordinary results for the small business owners we serve.
At Wave, we help small businesses to thrive so the heart of our communities beats stronger. We work in an environment buzzing with creative energy and inspiration. No matter where you are or how you get the job done, you have what you need to be successful and connected. The mark of true success at Wave is the ability to be bold, learn quickly and share your knowledge generously.
The Manager, Security Compliance is responsible for developing, implementing, and managing Wave’s security compliance programs. This role ensures that Wave adheres to relevant regulations, standards, and internal policies, mitigating risks and protecting sensitive information.
Compliance Program Development: Design, implement, and maintain the organization’s security compliance frameworks. Establish policies and procedures to ensure adherence to applicable laws, regulations, and standards (e.g., AICPA SOC2, SOX, NIST CSF, HIPAA, and PCI-DSS).
Lead the Security Risk Management team in applying automation and engineering-led thinking to security control assessment, evidence collection, and summary reporting. Monitor emerging regulations and industry trends to update compliance strategies.
Risk Assessment and Auditing: Conduct regular risk assessments to identify compliance gaps. Plan and oversee internal and external security audits. Collaborate with stakeholders to address findings and implement corrective actions.
Project Planning and Coordination: Define project scope, goals, and deliverables aligned with IT and cybersecurity objectives. Develop detailed project plans, including timelines, resource allocation, and budgets. Collaborate with IT, security teams, cross-functional teams, and external vendors to ensure project alignment.
Training and Awareness: Develop and deliver training programs to educate employees on security and compliance requirements. Promote a culture of compliance and security awareness across the organization.
Policy Management: Draft, review, and update security policies, standards, and guidelines. Ensure documentation is current and aligns with industry best practices and legal requirements.
Incident Management and Reporting: Oversee compliance-related incident investigations and resolution. Ensure timely reporting of security incidents to regulatory bodies as required.
Stakeholder Collaboration: Act as a liaison between departments, including H&R Block (Wave owner), IT, legal, and executive leadership, to ensure cohesive compliance efforts. Provide regular updates and reports on compliance status and risks to senior management.
Vendor and Third-Party Management: Assess and monitor third-party vendors to ensure compliance with security requirements. Establish and enforce contractual compliance obligations.
You Thrive Here By Possessing the Following:
5+ years of related professional compliance and controls program experience.
Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
Proven experience in security compliance management or a similar role.
Advanced level knowledge of AICPA SOC 2, SOX, NIST CSF, HIPAA, GDPR and/or ISO 27001.
Experience leading internal and/or external audits, working as the liaison between auditors and the business.
Strong understanding of the Amazon AWS environment and SaaS platform. Comfortable working with both deeply technical and non-technical resources.
Flexible in daily hours (e.g. willingness to work longer hours during end of quarter and peak periods, and audit).
Ability to prioritize and track multiple projects and tasks in parallel.
At Wave, we value diversity of perspective. Your unique experience enriches our organization. We welcome applicants from all backgrounds. Let’s talk about how you can thrive here!
Wave is committed to providing an inclusive and accessible candidate experience. If you require accommodations during the recruitment process, please let us know by emailing careers@waveapps.com. We will work with you to meet your needs.
Required profile
Experience
Spoken language(s):
English