Director of Compliance and Information Security

Sorry, this job was removed at 11:47 a.m. (PST) on Friday, January 10, 2020

About Subsplash

Based in Seattle, Subsplash is an exciting award-winning team of 130+ mission-driven people who are committed to our core values of humility, innovation, and excellence. Founded in 2005, we’ve pioneered the market with the first ever church mobile app. Since then, we’ve been working together to build The Ultimate Engagement Platform™ for churches, Christian ministries, nonprofits, and businesses around the world. We find excitement in serving our 11,000+ clients, creating impactful products, and delighting the 40 million real people who use our platform every day. Subsplash has won awards for best mobile experience, been voted top 100 Washington's Best Workplaces by the Puget Sound Business Journal, created some of the most downloaded apps of all time, and built enterprise software for world-class brands like XBOX, Microsoft, Samsung, Expedia, and Cisco; yet, at the end of the day, we love making a lasting impact and a difference in our world.

Working at Subsplash is more than just a job; we are a team of people who are courageous, inventive, and passionate about doing meaningful work every day. Don’t take our word for it—head to Glassdoor and see for yourself!

About Our Team

The Subsplash Finance team is a growing team focused on keeping the company running efficiently and effectively. We are detail oriented, analytical number crunchers, and love improving processes (not to mention a good spreadsheet!). We rely on each other’s areas of expertise across finance, accounting, and data analysis. If you enjoy working with teams of positive, high-energy people who are experts in their domain, this just might be the right fit for you! 

About the Role

As the Director of Compliance and Information Security, you will report to the VP of Finance. In this role, you will work as a subject matter expert (SME) at Subsplash, advancing our security program across the entire company while understanding the importance of excellent interpersonal and communication skills. You will bring together people, policy, and tools to help us continue to meet our security commitments with confidence. This position will focus on all aspects of security risk management and data, with a particular emphasis on creating an ICF (integrated compliance framework) to impact Subsplash IS infrastructure. As Director of CIS, you will continuously review our security posture, analyze our systems against industry best practices, and accept guidance from contracted experts, vendors, security tools and regulators.

Top 4 outcomes in year 1: 

  1. Build & Improve the PCI & GDPR compliance, Privacy and Security Program
  2. Design & Implement an ICF related to privacy, security, confidentiality and NIST
  3. Create and Manage all Incident Response activities 
  4. Establish Employee Training on Compliance and IS

Your Priorities

  • Design and maintain an Integrated Compliance Framework (ICF): The CISD maintains the ICF content which enables a “test once-comply many” approach. Armed with current emerging standards and regulations, the CISO will gather new requirements from a variety of sources, analyze and cross-map them to existing controls, obtain stakeholder sign-off and update the ICF.
  • Issue Management/Risk Remediation: Works with Stakeholders, including Control Owners, Control Performers and other Departments to test, track, report, and oversee compliance gap remediation.
  • Continuous Compliance: The CISD tracks, reports and advises internal clients on incorporating controls and delivery of evidence in their day-to-day operations so that execution of the controls becomes business as usual.
    • Promotes and supports a culture of compliance, risk avoidance and corporate accountability throughout the organization.
    • Defines and implements a risk-based approach to identifying, monitoring, recommending mitigating controls, measuring and reporting various types of security risk and compliance issues related to financial reporting, external vendors and various service providers complying with NIST.
    • Provides governance for the identification, validation and remediation of information technology controls required by Sarbanes-Oxley (SOX), Payment Cardholder Information Data Security Standards (PCI DSS), Personally Identifiable Information (PII), and other regulatory compliance frameworks. Ensures successful audits of all compliance programs.
  • Manage all appropriate vendor relationships in line of business on self-assessments, third-party QSA-led PCI Assessment as well as GIS-led PCI Assessments.

Your Qualifications

  • 5+ years' experience developing and executing security risk management and compliance programs (preferably in a SaaS or online payment environment), developing and producing security and compliance metrics complying with NIST.
  • Solid working knowledge of the National Institute of Standards and Technology (NIST), Payment Card Industry Data Security Standard (PCI DSS) compliance obligations and GDPR compliance obligations.
  • Willing to obtain certification in one or more of the following areas: ISA, QSA, CIPP, CISSP, CISA, and CISM.
  • Company SME on all things related to compliance, information security and privacy with a solid understanding of the following:
    • Assessing and designing internal controls, risk management practices, and security governance programs in an enterprise-level environment.
    • IT systems, applications, networks, and databases with experience in providing technical advice appropriate to the knowledge of risk and cost-effective delivery of essential security services.
    • Security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
    • Risk management, data compliance, information security strategy, technologies, and tools plus quality knowledge of applicable local and federal information technology laws.
  • Proven experience developing and submitting audit and compliance reports to governing bodies, legal entities, and/or external authorities, including:
    • Experience in planning, organizing, and developing information technology policies, procedures, and practices. 
    • Excellent conceptual and critical thinking skills and sound judgment, with strategic orientation and ability to perform tactically, as required.
    • Highly proficient in using Gmail, Google Drive, and related Google Apps. 
  • Proficient or ready to learn to proficiency the following: Tableau, Asana, Slack.

Benefits

Stock Options, Paid Time Off, Medical Coverage, Dental & Vision Coverage, Matching 401k, Free Smoothies and Snacks, Public Transportation Subsidy, and a great team environment.

Note: Employment with Subsplash is contingent upon satisfactory proof of employee’s right to work in the U.S., as required by law, and upon completion of a background check. Employment with Subsplash is considered “at will,” meaning that either the company or the employee may terminate the employment relationship at any time without cause or notice.

The Company is an equal opportunity employer. It is the Company's policy that decisions involving any aspect of the employment relationship will be made without regard to race, color, gender, creed, religion, age, marital status, national origin, ancestry, citizenship, the presence of any sensory, mental, or physical disability, veteran status, or any other status or characteristic protected by applicable local, state, or federal law. This policy applies to all terms, conditions, and privileges of employment, including recruitment, hiring, placement, compensation, promotion, discipline, and termination.

Location

Subsplash is located in the Interbay neighborhood along major bus-lines with just a short walk to other neighborhoods & local food in Seattle!
