Responsibilities:
Position Responsibilities:
- Coordinate internal and external assessments by gathering documentation, tracking action items, and facilitating communication between stakeholders across Security, IT, Legal, and business units
- Track and drive awareness of compliance findings by maintaining documentation, following up with responsible parties, and updating status reports
- Manage intake and response processes for customer security questionnaires and external assessments, ensuring timely and accurate submissions
- Support day-to-day security compliance activities by assisting with the validation of technical and procedural controls across infrastructure, systems, and user access to ensure alignment with organizational security requirements and standards
- Assist in building and documenting security compliance processes that are tool-agnostic, with an emphasis on automation, scalability, and adaptability to evolving GRC platforms or technologies
- Assist in conducting control assessments and evaluations to support compliance with internal policies and external frameworks such as CIS, ISO, and NIST
- Travel occasionally based on business needs
- Other projects or duties as assigned
Qualifications:
Required Education and Experience:
- Bachelor's Degree and 2 to 4 years of experience working in a security-focused compliance role or High School Diploma/General Education Degree (GED) and 5 to 7 plus years of experience working in a security role involving risk assessment and/or security compliance/testing.
- Ability to communicate complex security and compliance concepts to a wide range of stakeholders—from technical teams and individual contributors to senior leadership—tailoring messaging to suit the audience’s level of expertise and decision-making needs. Reyes Holdings values a culture of collaboration and synergy amongst technical and non-technical teams.
Preferred Education and Experience:
- Experience with security and compliance frameworks such as CIS Critical Security Controls, ISO 27001, SOC 2, NIST 800-53, ISA/IEC 62443.
- Participation in internal or external audits, including evidence collection, remediation tracking, and audit readiness activities.
- Experience with GRC platforms for managing compliance workflows, evidence & issue tracking, and reporting.
- Experience with Operational Technology (OT) and/or Cloud environments.
- Familiarity with data visualization or reporting tools (e.g., Power BI, Tableau, Alteryx, Excel) to support compliance reporting.
- Understanding of identity and access management (IAM) concepts, including user access review and account lifecycle governance.
- Industry certifications: Security+, SSCP, ISC2 CC, CISA, CRISC, CISSP, or another equivalent are a plus.
Benefits:
At the Reyes Family of Businesses, our Total Rewards Strategy prioritizes the holistic well-being of our employees. This position offers a comprehensive benefits package that includes Medical, Dental, Vision coverage, Paid Time Off, Retirement Benefits, and complimentary Health Screenings.
Equal Opportunity Employee & Physical Demands:
Reyes Holdings and its businesses are equal opportunity employers. Company policy prohibits discrimination and harassment against any applicant or employee based on race, color, religion, sex, pregnancy or pregnancy-related medical conditions, marital status, sexual orientation, gender identity or expression, age, national origin, citizenship, disability, genetic information, military or veteran status, or any other basis protected by applicable law. In addition, the Company is committed to providing reasonable accommodation to applicants and employees in accordance with applicable law. Requests for accommodation should be directed to your point of contact in the Talent Acquisition or Human Resources departments.
Background Check and Drug Screening:
Offers of employment are contingent upon successful completion of a background check and drug screening.
Pay Transparency:
Our compensation philosophy embraces diverse factors for fair pay decisions, valuing skills, experience, and the needs of our business. Moreover, this role may have the opportunity to participate in a discretionary incentive program, subject to program rules.
