Senior Manager, Information Systems Policy and Compliance

Company Description

MicroStrategy transforms organizations into intelligent enterprises through data-driven innovation. We match smart people to dynamic projects and technologies that truly challenge their talents. Curious and creative in outlook, our success is built on the talent and energy of smart and driven people. MicroStrategy (Nasdaq: MSTR) is a worldwide leader in enterprise analytics and mobility software. A pioneer in the BI and analytics space, MicroStrategy delivers innovative software that empowers people to make better decisions and transform the way they do business. We provide our enterprise customers with world-class software and expert services so they can deploy unique intelligence applications.

Job Description

The Role: The Senior Manager of Information Systems Policy and Compliance will be responsible for overseeing the MicroStrategy Federal IT Compliance Program. This will include products and infrastructure for applications, and ensuring compliance with regulatory and internal requirements in key IT areas, including FedRAMP, ISO, SOC2, PCI and Sarbanes-Oxley, software and hardware enterprise agreements, corporate policies and procedures, risk assessment, business continuity planning, information security and change/configuration management.

Moreover, this role will assist the CISO in executing a comprehensive, risk-based internal audit plan for the company's information technology controls, perform an unbiased evaluation of audit results, and provide recommendations for internal control improvements to management.

Your Focus

Lead, develop and coach members of the IT Compliance Team.
Ensure that all infrastructure and applications functions are compliant with current regulatory as well as IT best practice standards and internally established IT policies and procedures.
Assist with the design, implementation and management of the FedRAMP, SOC2, SOX 404, ISO, HIPAA and PCI audit process. (Interact with 3rd parties, high level of multi-tasking)
Provide subject matter expert advisory services to IT and the business as it relates to regulatory and industry compliance issues.
Manage, coordinate and execute internal compliance testing, documentation and follow-up.
Possess deep experience with government compliance, including FISMA and FedRAMP.
Strong knowledge of NIST Special Publications 800-30, 800-37, 800-53.
Experience with every step within the delivery of Certification and Accreditation (C&A) / Assessment and Authorization (A&A) packages that have obtained and maintained full authorization to operate (ATO).
Conduct ongoing security assessments, document and track findings and remediation activities.
Perform operational audits to ensure compliance of infrastructure/applications with regulatory or internally established IT policies and procedures.
Provide written reports to Senior Management regarding recommendations and conclusions.
Analyze whether risks associated with processes or applications are mitigated with appropriate controls.
Assist in managing multiple control automation and process improvement initiatives.
Deeply knowledgeable about information technology, security, and regulatory compliance.
Able to influence cross-departmental projects to get successful outcomes.
Ensure all compliance documentation is up-to-date and accurate for all IT areas.
Stay up-to-date on current IT regulations and trends.
Ensure compliance of change control procedures and policies; evaluate and participate in meeting requirements for re-validation.
Assist in the development of procedures and policies governing the management and operation of key regulated computer systems.
Research technologies and tools that would assist in obtaining compliance and security certifications.

Qualifications

Required Experience and Skills:

Motivation, Innovation, Passion, Integrity, Teamwork, Customer-Focus.

You Should Also Bring The Following

Bachelor's Degree in Computer Science, Information Systems, Cybersecurity or other related field, or equivalent work experience.
6+ years of audit experience (internal or external). CIA/CISSP certification preferred.
Demonstrates extensive knowledge of compliance and privacy regulations such as PCI-DSS, FedRAMP, SOC2, and ISO.
Information Technology Infrastructure Library (ITIL) experience.
Strong knowledge of common IT service management, cybersecurity and risk management frameworks, such as ITIL, ISO 27000 and NIST.
Excellent communication skills (both written and verbal).
Ability to meet deadlines and manage multiple priorities simultaneously.
Ability to be self-motivated and work independently as well as in a team environment.
Manages relationships with key regulatory and industry assessment vendors.
Leads root cause and remediation activities for remediation activities and related information security issues.

Additional Information

MicroStrategy is an equal employment and affirmative action employer F/M/Disability/Vet.

MicroStrategy is an Equal Employment Opportunity / Affirmative Action employer and provides reasonable accommodation for qualified individuals with disabilities and disabled veterans in job application procedures. If you have any difficulty using our online system and you need an accommodation due to a disability, you may contact us about your interest in employment at 703.848.8600.