Compliance and Information Security Manager

Seattle

About Subsplash

Based in Seattle, Subsplash is an exciting award-winning team of 100+ mission-driven people who are committed to our core values of humility, innovation, and excellence. Founded in 2005, we’ve remained family owned and operated while pioneering the market with the first ever church mobile app. Since then, we’ve been working together to build The Ultimate Engagement Platform™ for churches, Christian ministries, non-profits, and businesses around the world. We find excitement in serving our 9,000+ clients, creating impactful products, and delighting the 40 million real people who use our platform every day. Subsplash has won awards for best mobile experience, been voted top 100 Washington's Best Workplaces by the Puget Sound Business Journal, created some of the most downloaded apps of all time, and built enterprise software for world-class brands like XBOX, Microsoft, Samsung, Expedia, and Cisco; yet, at the end of the day, we love making a lasting impact and a difference in our world.

Working at Subsplash is more than just a job; we are a team of people who are courageous, inventive, and passionate about doing meaningful work every day. Don’t take our word for it—head to Glassdoor and see for yourself!

About Our Team

The Subsplash Finance team is a growing team focused on keeping the company running efficiently and effectively. We are detail oriented, analytical number crunchers, and love improving processes (not to mention a good spreadsheet!). We rely on each other’s areas of expertise across finance, accounting, and data analysis. If you enjoy working with teams of positive, high-energy people who are experts in their domain, this just might be the right fit for you!

About the Role

As the Compliance and Information Security Manager, you will report to the VP of Finance. In this role, you will work as a subject matter expert (SME) at Subsplash as you advance our security program across the entire company while understanding the importance of excellent interpersonal and communication skills. You will bring together people, policy, and tools to help us continue to meet our security commitment with confidence. This position will focus on all aspects of security risk management and data, with a particular emphasis on creating an ICF (integrated compliance framework) to impact Subsplash IS infrastructure. As the CISM, you will continuously review our security posture, analyze our systems against industry best practices, and accept guidance from contracted experts, vendors, security tools, and regulators.

Top 4 outcomes in year 1:

  1. Build & Improve the PCI & GDPR compliance, Privacy and Security Program
  2. Design & Implement an ICF related to privacy, security, confidentiality and NIST
  3. Create and Manage all Incident Response activity
  4. Establish Employee Training on Compliance and IS

Your Priorities

  • Issue Management/Risk Remediation: Works with stakeholders, including Control Owners, Control Performers, and other departments, to test, track, report, and oversee compliance gap remediation.
  • Design and maintain an Integrated Compliance Framework (ICF): The CISM maintains the ICF content, which enables a “test once, comply many” approach. Armed with current and emerging standards and regulations, the CISM will gather new requirements from a variety of sources, analyze and cross-map them to existing controls, obtain stakeholder sign-off, and update the ICF.
  • Continuous Compliance: The CISM also tracks, reports and advises internal clients on incorporating controls and delivery of evidence in their day-to-day operations so that execution of the controls becomes business as usual.
  • Promotes and supports a culture of compliance, risk avoidance and corporate accountability throughout the organization.
  • Defines and implements a risk-based approach to identifying, monitoring, recommending mitigating controls for, measuring, and reporting various types of security risk and compliance issues related to financial reporting, external vendors, and various service providers complying with NIST.
  • Provides governance for the identification, validation, and remediation of information technology controls required by Sarbanes-Oxley (SOX), Payment Cardholder Information Data Security Standards (PCI DSS), Personally Identifiable Information (PII), and other regulatory compliance frameworks. Ensures successful audits of all compliance programs.
  • Manages all appropriate vendor relationships in the line of business on self-assessments, third-party QSA-led PCI Assessments, and GIS-led PCI Assessments.

Your Qualifications

  • Possess a deep and clear understanding of all aspects of risk management, data compliance, information security strategy, technologies, and tools plus quality knowledge of applicable local and federal information technology laws.
  • 5+ years of proven experience developing and executing security risk management and compliance programs in a SaaS or online payment environment; developing and producing security and compliance metrics for Sr. Management complying with NIST.
  • Solid understanding of assessing and designing internal controls, risk management practices, and security governance programs in an enterprise-level environment.
  • Solid understanding of IT systems, applications, networks, and databases with experience in providing technical advice appropriate to the knowledge of risk and cost-effective delivery of essential security services.
  • Solid understanding of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
  • Proven experience developing and submitting audit and compliance reports to governing bodies, legal entities, and/or external authorities.
  • Working knowledge of the National Institute of Standards and Technology (NIST), Payment Card Industry Data Security Standard (PCI DSS) compliance obligations and GDPR compliance obligations.
  • Willing to become or already certified in one or more of the following areas: ISA, QSA, CIPP, CISSP, CISA, and CISM. Be willing to obtain and maintain security and privacy related certifications that would benefit the company.
  • Experience in planning, organizing, and developing information technology policies, procedures, and practices.
  • Excellent conceptual and critical thinking skills and sound judgment, with strategic orientation and ability to perform tactically, as required.
  • Highly proficient in using Gmail, Google Drive, and related Google Apps.
  • Proficient or ready to learn the following: Tableau, Asana, Slack.

Benefits

Generous Paid Time Off, Medical Coverage, Dental Coverage, Vision Coverage, 401k, Free Smoothies and Snacks, Public Transportation Subsidy.

Note: Employment with Subsplash is contingent upon satisfactory proof of employee’s right to work in the U.S., as required by law, and upon completion of a background check.

Employment with Subsplash is considered “at will,” meaning that either the company or the employee may terminate the employment relationship at any time without cause or notice.

Technology we use

  • Engineering
    • Languages: Golang, Java, PHP, Swift

Location

Subsplash is located in the Interbay neighborhood along major bus-lines with just a short walk to other neighborhoods & local food in Seattle!

An Insider's view of Subsplash

What’s the vibe like in the office?

We celebrate victories, support each other like family, & are all working toward a common goal. Open communication spreads excitement throughout the company as we hit milestones, share innovative ideas & strive for excellence. There is a thread of positivity & kindness in all that we do which sets us apart and allows for the best work-life balance!

Aly

Senior Designer

What kinds of technical challenges do you and your team face?

On the Product Team, we have the unique opportunity to build high performant software that supports thousands of unique iOS and Android apps and the millions of end-users who use them. We face the daily challenge of building systems, APIs, and user interfaces that emphasize performance, versatility, and clarity to bring delight to all our clients.

Matt

Software Engineer

How has your career grown since starting at the company?

I’ve experienced tremendous growth in product management experience and skills, from business models to learning SQL to running beta tests. I’ve also had the opportunity to take on formal authority, moving from an ‘IC’ role to a manager of five fantastic employees, while building informal influence throughout a rapidly growing company.

Erick

Manager of Project & Program Management

What are some things you learned at the company?

Subsplash has taught me how to listen & prioritize. Through conversations with prospective clients, I've learned how to ask intentional questions & listen well. As I juggle tasks, I've learned to better manage my time with competing priorities. From a platform standpoint, the learning never ends with the constant innovation I witness every day!

Kasey

Ministry Consultant II

What are Subsplash Perks + Benefits

Subsplash Benefits Overview

At Subsplash, our benefits + perks are designed to bring delight to our employees and their families! Each employee receives a generous amount of vacation (work hard, play hard), but we also want our team members to feel rested and refreshed every day of the week. That's why we give the option to work from home on Thursdays (the perfect opportunity to work in your sweatpants. Just saying.).

We strive to offer the best healthcare at the lowest cost possible and we offer a variety of plans to best suit the individual's personal and family needs.

We frequently have company-wide catered lunches, events, team-building activities and not to mention a healthy serving of spontaneous parties. On top of that, we keep our kitchen stocked with yummy munchies, healthy fuel, and the freezer is always packed with all the smoothie makings you could ever need.

Health Insurance & Wellness Benefits

  • Disability Insurance: Subsplash's short term disability is covered at 100% with salary continuance. Full-time employees can rest assured that Subsplash has got them fully covered in times of need.
  • Dental Benefits
  • Vision Benefits
  • Health Insurance Benefits
  • Life Insurance: Subsplash offers $50,000 of Life and AD&D coverage for all full-time employees. Employees are also able to purchase up to $300,000 supplemental coverage at a very low cost.

Retirement & Stock Options Benefits

  • 401(K) Matching

Child Care & Parental Leave Benefits

  • Generous Parental Leave
  • Flexible Work Schedule
  • Remote Work Program: We offer Work-From-Home Thursdays to all employees.
  • Family Medical Leave

Vacation & Time Off Benefits

  • Generous PTO
  • Paid Holidays
  • Paid Sick Days

Perks & Discounts

  • Casual Dress: We call it "creative professional". That means we dress casual and bring our own unique style and spunk to what we wear every day; jeans and sandals are totally acceptable!
  • Commuter Benefits
  • Company Outings
  • Stocked Kitchen: Unlimited munchies (including guacamole. Enough said.), coffee from a local Seattle roaster, tea, fruits and vegetables, all the smoothie ingredients you could ever need, and so much more!
  • Some Meals Provided: We provide monthly catered lunches.
  • Parking

Professional Development Benefits

  • Job Training & Conferences