Security Risk & Compliance Manager
Listed on 2025-11-04
IT/Tech
Cybersecurity, Information Security
Join to apply for the Security Risk & Compliance Manager role at APCO Holdings, LLC.
We are seeking an experienced Security Risk & Compliance Manager to join our Enterprise Information Security team. The role reports to the Director, Information Security. The Security Risk & Compliance Manager will develop, implement, and oversee the risk‑management and compliance program to reduce cyber‑security threats and ensure compliance with SOC 2 and regulatory requirements. The candidate will work closely with IT and other teams to identify risk exposure and implement security controls in support of compliance.
Responsibilities
- Manage and develop risk‑management and compliance programs to track and monitor risk to resolution.
- Interact and collaborate across the company to assure security controls align with SOC 2 requirements and regulatory compliance.
- Regularly monitor, track, and audit SOC 2 controls and other security risks to ensure compliance with requirements such as FTC Safeguards Rule, CCPA, and NYCRR.
- Facilitate and ensure compliance with SOC 2 certification and regulatory compliance.
- Collaborate with IT and other teams to develop and implement secure processes.
- Develop and facilitate security awareness training.
- Develop security policy, standards, and process documents.
- Conduct security risk assessments.
- Conduct regular security audits.
- Develop and maintain assessment questionnaires.
- Stay abreast of relevant security and privacy regulations, laws, technologies, and threats.
- 10+ years of IT security experience or a related field.
- 8+ years of risk and regulatory compliance experience.
- 5+ years of leading successful SOC 2 or equivalent certification.
- In‑depth knowledge of current security best practices for application and network security.
- Meticulous and detail‑oriented with project and output management, including report development.
- Additional experience implementing security frameworks such as NIST or ISO 27001.
- Understanding of network and application security best practices.
- Familiarity with security technologies such as SIEM, WAF, vulnerability scanning.
- Strong project management and organizational skills to manage multiple security projects.
- Self‑motivated, analytical, and possessing a problem‑solving outlook.
- Superior attention to detail and conscientious quality of work product.
- Professional demeanor with superior oral and written communication skills.
- Bachelor’s degree in Information Security or a related discipline.
- CISSP or CRISC certification or similar qualifications.
- Experience with SOC 2 audits and FTC Safeguards Rule, CCPA, and NYCRR requirements.
Physical Demands:
While performing the duties of this job, the employee is regularly required to type and look at a computer screen for long periods of the day. The employee must be able to sit for long periods of time.
The position requires the ability to perform essential duties as described. Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions.
APCO is a Drug Free Workplace and an Equal Opportunity Employer. Qualified applicants shall be considered for all positions without regard to race, color, sex, religion, national origin, age, disability, veteran status, or any other status protected by federal, state, or local law.