Security Compliance Manager

About TaskUs: TaskUs is a provider of outsourced digital services and next-generation customer experience to fast-growing technology companies, helping its clients represent, protect and grow their brands. Leveraging a cloud-based infrastructure, TaskUs serves clients in the fastest-growing sectors, including social media, e-commerce, gaming, streaming media, food delivery, ride-sharing, HiTech, FinTech, and HealthTech.

The People First culture at TaskUs has enabled the company to expand its workforce to approximately 45,000 employees globally. Presently, we have a presence in twenty-three locations across twelve countries, which include the Philippines, India, and the United States.

It started with one ridiculously good idea to create a different breed of Business Processing Outsourcing (BPO) We at TaskUs understand that achieving growth for our partners requires a culture of constant motion, exploring new technologies, being ready to handle any challenge at a moment’s notice, and mastering consistency in an ever-changing world.

What We Offer: At TaskUs, we prioritize our employees' well-being by offering competitive industry salaries and comprehensive benefits packages. Our commitment to a People First culture is reflected in the various departments we have established, including Total Rewards, Wellness, HR, and Diversity. We take pride in our inclusive environment and positive impact on the community. Moreover, we actively encourage internal mobility and professional growth at all stages of an employee's career within TaskUs. Join our team today and experience firsthand our dedication to supporting People First.

What can you expect in a Security Compliance Manager role with TaskUs:

Think of yourself as someone who will be responsible for all aspects of Information Security Management and Cyber risk management, ensuring the integrity, confidentiality, and availability of information, networks and systems. You will establish and execute a multi-year strategic implementation roadmap for information security aligned with corporate business strategies and global IT strategy.

Imagine yourself going to work with one thing on your mind: that you will develop, maintain, publish and enforce up to date information security and physical security policies, procedures, standards, and guidelines.

Key Responsibilities:

• Manage all enterprise security compliance requirements and Certifications, including PCI DSS, SOC 2, HIPAA/HITRUST, and multiple ISO standards including the base 27001. This will include serving as primary audit liaison, compiling all evidence/documentation requests, and reporting on the progress of audits to InfoSec and IT leadership.

• Lead the Client Audit from an Auditee perspective and coordinate with all internal teams to align on the client audit processes. Provide all inputs, justification and documents required to the client auditors and ensure all requirements are completed and fulfilled well on time.

• Owns the development and implementation of a corporate security & compliance awareness program. Develops training and awareness efforts for employees, contractors, and visitors to establish a “culture of security” to prevent or mitigate security incidents. Creates and propagates security awareness and training programs among employees.

• Conducts research on emerging practices, services, protocols, and standards in support of system security and compliance enhancement and development efforts.

• Ensures security compliance with applicable regulations and other state and federal laws. Keeps current on US and PH laws and industry data privacy and security regulations.

• Assist in developing and maintaining security operations procedures and processes, as well as working with business units outside of InfoSec to formally document policies and procedures.

• Recommends and supports deployment of additional security products and tools, or enhancements to existing tools, to mitigate security risk and detect/remediate compromises.

• Work with security engineers for the optimal configuration of network and host-based security platforms in line with compliance requirements.

• Provide Incident Response support as needed in response to information security-related events. In the event of security incident response, participate in the analysis, troubleshooting, and investigation of security-related information systems anomalies based on security platform reporting, network traffic, log files, and host-based and automated security alerts.

• Have good experience in Data Governance and Business Impact Analysis (BIA).

• Evaluate systems using vulnerability scanners and manual techniques to verify system security settings and configurations.

• Participate in DRP exercises and continuous improvement processes. Assists in designing and implementing disaster recovery and business continuity plans, procedures, audits, and enhancements.

• Performs other duties as assigned.

Required Qualifications:

• At least 8 years of experience in a combination of Information security, risk management, and IT jobs (preferably in a BPO environment)

• Has 5 years of experience as a Manager of IT security with a job history demonstrating increasing levels of responsibility

• Proven track record and experience in developing security policies, procedures, and standards while successfully executing security projects

• Experience with information security frameworks such as COBIT, COSO, ITIL, is needed.

• Has knowledge and understanding of relevant legal and regulatory requirements, including requirements of PCI DSS, ISO 2700x, SOC 2, HIPAA/HITRUST, Data Protection.

• Knowledgeable on security issues, techniques and implications across the whole IT Infrastructure

• Proficient in performing enterprise risk, business impact, and vulnerability assessments and defining risk mitigation strategies

• With a strong understanding of the business impact of security tools, technologies and policies

• Ability to develop and articulate a compelling business case for recommended actions

• Direct experience in the Vulnerability Scanning and Penetration Testing process and other relevant software tools is a plus

• Strong project management and leadership skills

• Strong problem-solving skills with well-organized and structured work habits

• Demonstrated the ability to manage several projects simultaneously while meeting strict deadlines and objectives

• Excellent verbal and written communication skills with the ability to communicate security concepts to both technical and non-technical audiences at all levels

• Excellent interpersonal and collaboration skills with the ability to function well in a team or independently

• Ability to lead and motivate cross-functional teams to achieve strategic goals

• Has poise and has the ability to maintain composure in high-stress situations

Education / Certifications:

• BS degree in Computer Science, Engineering or equivalent work experience; an M.B.A. or M.S. in information security is a plus with CISA and/or CISSP Certifications.

Work Location / Work Schedule / Travel:

• TBD

How We Partner To Protect You: TaskUs will neither solicit money from you during your application process nor require any form of