Security Compliance Manager (ISM)

Piano Software

Legal
Bratislava, Slovakia
Posted 6+ months ago

Piano Overview

Piano’s Digital Experience Cloud empowers organizations to understand and influence customer behavior. By unifying customer data, analyzing behavior metrics and creating personalized customer journeys, Piano helps brands launch campaigns and products faster, strengthen customer engagement and drive personalization at scale from a single platform. Headquartered in Philadelphia with offices across the Americas, Europe and Asia Pacific, Piano serves a global client base, including Air France, the BBC, CBS, Kirin Holdings, Jaguar Land Rover and more. Piano has been recognized as one of the fastest-growing, most innovative technology companies in the world by World Economic Forum, Red Herring, Inc. and Deloitte. For more information, visit piano.io.

Position Overview

Security Compliance Manager (ISM) reports to the Chief Information Security Officer. This role combines responsibilities of an Information Security Manager and a Privacy Compliance Manager with a strong focus on ISO 27001 compliance, PCI DSS compliance, HIPAA, and GDPR compliance. ISM will be responsible for developing, implementing, and managing security and privacy compliance programs to ensure our organization meets all regulatory and industry standards. ISM helps manage all aspects of the company’s information security program including policies, access management and reporting, incident management and response, security and privacy assessments, security and privacy awareness, change control, and vendor risk.

Key Responsibilities

  • Documents new and reviews existing IS policies to ensure alignment with organizational risks and business strategy and to drive continual improvement of the IS program
  • Manages projects to deliver new and improved IS solutions; identifies and evaluates potential third-party solutions as required
  • Participates in internal and third-party audit programs: monitors compliance with, and performance of, defined IS controls within the organization and among service providers
  • Assures timely and effective training and retraining of the workforce
  • Works with the Security Engineer and software engineering teams to monitor security through the Software Development Life Cycle (SDLC)
  • Coordinates responses to assessments by regulators, auditors, clients, and/or certifying bodies (ISO 27001, PCI DSS, HIPAA, GDPR)
  • Manages Business Continuity/Disaster Recovery plans, including regular testing
  • Manages and reviews cybersecurity incidents
  • Prepares regular reports on compliance status, security incidents, and risk management activities for senior management
  • Reports security performance against established security metrics
  • Communicates security and privacy requirements and best practices to internal stakeholders and external partners
  • Manages and coordinates security-related projects and tasks

Privacy compliance

  • Co-operates with the Group DPO to ensure that the organization’s data privacy practices comply with GDPR and other relevant privacy regulations
  • Co-operates with the Group DPO on developing and implementing data protection policies and procedures, including data breach response plans
  • Conducts regular privacy impact assessments (PIAs) and data protection impact assessments (DPIAs)

Educational Background

  • Master’s degree in a Technical, Information Technology, Information Security, Legal, or Compliance field of study

Relevant Work Experience

  • 5+ years of strong, proven experience across IS Governance, Risk and Compliance
  • Experience authoring exceptional documentation (e.g., policies, standards, processes)