Who You’ll Work For
REEF is the ecosystem that connects the world to your block, with nearly 5,000 locations across North America. Each REEF hub is a thriving, connected ecosystem of businesses, cities and people, that serves the needs of the on-demand economy. Each location leverages its proximity to where large concentrations of people live and work, offering a variety of services, including micro-fulfillment and distribution centers, mobility solutions, and buffer zones that reduce traffic and congestion.
REEF Kitchens is a core part of this ecosystem that allows food entrepreneurs and restaurants to open and quickly expand their businesses with minimal operational and capital costs. Our national network of delivery-only kitchens lowers the barriers and costs for business owners and helps bring fresh, healthy, high quality food to local neighborhoods.
We are part of SoftBank, and its portfolio of leading companies transforming business and commerce at the cutting edge of technology in the world today.
The Senior IT Security Compliance Auditor (ITSCA) is responsible for creating and/or maintaining security policies and procedures, identifying risks, and ensuring IT controls and operational processes are in place to mitigate identified risks, as well as the tracking and reporting of compliance gaps to closure.
We are looking for a unique balance of skills across security, compliance and privacy functions including risk assessments, IT audits, incident response, business continuity planning, privacy impact assessments, data privacy compliance, security/privacy awareness training, and problem-solving. This is an opportunity to gain hands-on experience across security, privacy, audit, and risk management.
· Provide regulatory compliance support, scope management and communication, defining evidence requirements and program management as required
· Review new regulations for security impact and document requirements for compliance
· Communicate requirements and compliance status to security leadership and impacted technical teams
· Coordinate with project managers and participate in meetings to ensure accuracy of scoping, requirements documentation, gap identification, remediation and compliance requirements are met
· Partner with risk management to ensure transparent communication of risk reporting related to compliance revaluations and identified gaps
· Review evidence submissions to ensure regulatory requirements are met and validation of gap closure
· Track remediation of any gaps to compliance with the implementation area to ensure closure and tracking to deadlines
· Support delivery/implementation leads in promoting and consulting on positions that help strengthen and secure the organization in alignment with regulatory requirements, by either following standards or helping direct others on technology positions
· Help facilitate review of changes in company processes, standards and technology to ensure effectiveness of security controls to meet compliance requirements
· Help consult with stakeholders on requirements for new and existing business/technology solutions to assure compliance to regulations, compliance frameworks and internal standards and governing policies and procedures
· Provide GRC tool administration for security controls assessment workflow and evidence gathering within compliance and issues management modules
· Build effective working relationships, making sound decisions, successfully making changes, initiating action and achieving results as a trusted advisor
· Strong organizational skills, ability to effectively manage multiple, competing projects while achieving targeted results
· Strong audit and compliance assessment skills, ability to effectively define gaps, evidence and remediation requirements while achieving targeted delivery results
· Capable of working with technical and non-technical resources -- able to partner with multiple business groups, senior managers, and senior network architects/engineers
· Proficient in MS Office Suite and possess ability to write "high quality" documentation and/or presentations
· Able to stay current with cybersecurity regulatory landscape to account for changing security compliance circumstances and maintain technical proficiency via self or formal training
· Strong understanding of IT security best practices by applying depth and breadth of expertise in multiple domains and security disciplines
· General knowledge of: PCI DSS 3.2.1, applicable security / privacy controls, Sarbanes-Oxley (SOX) 404, ISO/IEC 27000 family of standards, NIST 800-53, NIST cybersecurity framework, and COBIT
· General knowledge of common application security architecture and vulnerabilities (e.g. OWASP Top 10), attack techniques and remediation tactics/strategies
· Basic knowledge of Security Analysis (manual and leveraging automated scanning tools).
· Audit and assessment methodologies, procedures and best practices that relate to information networks, systems, and applications
· Application security, database technologies used to store enterprise information, directory services, financial information, and information systems auditing
· Strong understanding of how to apply current and emerging security technologies to solve business problems.
· Track record of developing and implementing comprehensive strategic response and recovery strategies, plans and procedures.
· Strong understanding of applicable practices relating to data privacy and protection
· Strong verbal and written communication skills, especially in the areas of presentation and interaction with people at all levels across an organization
· A track record in the successful management of programs and collaboration with people, both internal and external, as well as demonstrated complex program/project/vendor management skills
· Agile, versatile, flexible and the ability to work with constantly changing priorities
· Bachelor's degree in business administration, computer science, information technology, law or legal studies, or a related field of study, or equivalent experience.
· 7+ years of IT experience - security governance, regulatory governance and/or IT audit preferred
· Relevant industry standard certifications preferred (e.g., CISA, CISM, CISSP, CompTIA, ISACA, ISC2, SANS Institute/GIAC, PCIP)
What We’ll Provide
· Life and Disability
· Paid Time Off (PTO)
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
· Frequently operate small office equipment such as a computer, tablet, calculator, copier/printer, and telephone.
· Work is performed in a professional office environment.
· Will remain in a seated position for extended periods of time.
· Work is performed indoors for extended periods of time, including up to the entire duration of the shift.
· Extensive time in front of a computer screen, data entry and analysis.
REEF Technology is an equal opportunity employer, and we value diversity at our company. REEF does not discriminate on the basis of race, religion, color, sex, national origin, gender identity, gender expression, sexual orientation, age, marital status, veteran status, or disability status. REEF complies with all applicable equal employment opportunity legislation in each jurisdiction in which it operates.