Security Compliance Manager

Join to apply for the Security Compliance Manager role at TaskUs

About TaskUs: TaskUs is a provider of outsourced digital services and next-generation customer experience to fast-growing technology companies, helping its clients represent, protect and grow their brands. Leveraging a cloud-based infrastructure, TaskUs serves clients in the fastest-growing sectors, including social media, e-commerce, gaming, streaming media, food delivery, ride-sharing, HiTech, FinTech, and HealthTech.

TaskUs People First culture has grown the company to have approximately 45K employees worldwide. We are currently in twenty-three locations across twelve countries, including the Philippines, India, and the United States.

What We Offer: TaskUs provides world-class benefit packages with competitive industry salaries to all its employees. With well-developed departments, such as Total Rewards, Wellness, HR, and Diversity, we continuously thrive in supporting a People First culture. We are known for our inclusiveness and community impact. We also promote internal mobility and professional development at every step of an employee's career within TaskUs. Come be part of TaskUs that supports People First by applying today

What can you expect in a Security Compliance Manager role with TaskUs:

Think of yourself as someone who will be responsible for all aspects of Information Security Management and Cyber risk management, ensuring the integrity, confidentiality, and availability of information, networks and systems. You will establish and execute a multi-year strategic implementation roadmap for information security aligned with corporate business strategies and global IT strategy.

Imagine yourself going to work with one thing on your mind: that you will develop, maintain, publish and enforce up to date information security and physical security policies, procedures, standards, and guidelines.

• Manage all enterprise security compliance requirements and Certifications, including PCI DSS, SOC 2, HIPAA/HITRUST, and multiple ISO standards including the base 27001. This will include serving as primary audit liaison, compiling all evidence/documentation requests, and reporting on the progress of audits to InfoSec and IT leadership.
• Lead the Client Audit from an Auditee perspective and coordinate with all internal teams to align on the client audit processes. Provide all inputs, justification and documents required to the client auditors and ensure all requirements are completed and fulfilled well on time.
• Owns the development and implementation of a corporate security & compliance awareness program. Develops training and awareness efforts for employees, contractors, and visitors to establish a “culture of security” to prevent or mitigate security incidents. Creates and propagates security awareness and training programs among employees.
• Conducts research on emerging practices, services, protocols, and standards in support of system security and compliance enhancement and development efforts.
• Ensures security compliance with applicable regulations and other state and federal laws. Keeps current on US and PH laws and industry data privacy and security regulations.
• Assist in developing and maintaining security operations procedures and processes, as well as working with business units outside of InfoSec to formally document policies and procedures.
• Recommends and supports deployment of additional security products and tools, or enhancements to existing tools, to mitigate security risk and detect/remediate compromises.
• Work with security engineers for the optimal configuration of network and host-based security platforms in line with compliance requirements.
• Provide Incident Response support as needed in response to information security-related events. In the event of security incident response, participate in the analysis, troubleshooting, and investigation of security-related information systems anomalies based on security platform reporting, network traffic, log files, and host-based and automated security alerts.
• Have good experience in Data Governance and Business Impact Analysis (BIA).
• Evaluate systems using vulnerability scanners and manual techniques to verify system security settings and configurations.
• Participate in DRP exercises and continuous improvement processes. Assists in designing and implementing disaster recovery and business continuity plans, procedures, audits, and enhancements.
• Performs other duties as assigned.

• At least 8 years of experience in a combination of Information security, risk management, and IT jobs (preferably in a BPO environment)
• Has 5 years of experience as a Manager of IT security with a job history demonstrating increasing levels of responsibility
• Proven track record and experience in developing security policies, procedures, and standards while successfully executing security projects
• Experience with information security frameworks such as COBIT, COSO, ITIL, is needed.
• Has knowledge and understanding of relevant legal and regulatory requirements, including requirements of PCI DSS, ISO 2700x, SOC 2, HIPAA/HITRUST, Data Protection.
• Knowledgeable on security issues, techniques and implications across the whole IT Infrastructure
• Proficient in performing enterprise risk, business impact, and vulnerability assessments and defining risk mitigation strategies
• With a strong understanding of the business impact of security tools, technologies and policies
• Ability to develop and articulate a compelling business case for recommended actions
• Direct experience in the Vulnerability Scanning and Penetration Testing process and other relevant software tools is a plus
• Strong project management and leadership skills
• Strong problem-solving skills with well-organized and structured work habits
• Demonstrated the ability to manage several projects simultaneously while meeting strict deadlines and objectives
• Excellent verbal and written communication skills with the ability to communicate security concepts to both technical and non-technical audiences at all levels
• Excellent interpersonal and collaboration skills with the ability to function well in a team or independently
• Ability to lead and motivate cross-functional teams to achieve strategic goals
• Has poise and has the ability to maintain composure in high-stress situations

• BS degree in Computer Science, Engineering or equivalent work experience; an M.B.A. or M.S. in information security is a plus with CISA and/or CISSP Certifications.

• WFH Setup but will go to the office if needed (audits, client visits, etc.)
• Day Shift PHT
• Open to any PH site preferably within Metro Manila

DEI: In TaskUs we believe that innovation and higher performance are brought by people from all walks of life. We welcome applicants of different backgrounds, demographics, and circumstances. Inclusive and equitable practices are our responsibility as a business. TaskUs is committed to providing equal access to opportunities. If you need reasonable accommodations in any part of the hiring process, please let us know.

We invite you to explore all TaskUs career opportunities and apply through the provided URL