This position provides administrative support to the Global Infrastructure Team which is responsible for the information security and privacy programs, internal operations, Software as a Service (SAAS), and facilities management.
A primary role is governance, risk and compliance administration. As we continue to grow, this role is responsible for providing evidence and improving our delivery of regulatory, contractual, security and privacy compliance through executing on internal process and documentation. This includes responsibility for the governance process of internal application systems to support the correct execution, storage and retrieval of this evidence. The ability to create, generate, analyze and deliver reports is required in order to improve data integrity and to support further automation for the infrastructure team.
Regulations and frameworks important to the organization are
- Cybersecurity Frameworks (ISO, CIS, CSF)
- GDPR and Privacy Shield
- Service Related (SOC2)
- Government (NIST, FEDRAMP)
A secondary role is office management of the Denver location. This role has responsibility for overseeing and maintaining all the aspects that go into the smooth functioning of the office.
Candidates must be comfortable and perform well in a small company environment and be self-sufficient, work independently and be a self-starter. Sopheon’s culture strives to maintain a pleasant working environment in a dedicated infrastructure team with a very broad range of subject matter expertise.
Principal Duties and Responsibilities:
Reporting to the Director of IT based in the Denver office, you will assume direct responsibility and ownership for Information Systems governance and Denver Office Management, encompassing:
- Ensures that policies, procedures, control & compliance documentation, industry security standards and guidance are maintained and enhanced by the team to ensure efficient and effective operations and regulatory compliance. Information labeling review cleanup and maintenance.
- Coordinate risk assessment and remediation activity.
- Research requirements and functions for applicable regulations and certifications and agree approach with supervisor including meeting timelines for filing and processing to ensure compliance or renewal along with maintaining internal schedules, registers, reports and required documentation.
- Coordinate internal and external audits. Identifies needed business and technical resources to respond to assessments, security questionnaires and security audits in a timely manner.
- Produce and distribute, with Security Team assistance, management reports on access monitoring and control.
- Maintain incident management procedures and ensure that process and documentation is followed during privacy and security related incidents. Coordinate and track escalation of issues as needed.
- Customer lifecycle documentation including recurring tracking of adherence to contracts such as addendums, licensing, SLAs, data location, staffing restrictions.
- IT Administration assisting with
- vendor management, purchasing, expenses, licensing, tracking, and renewals
- assisting with partnerships and associations
- budgeting, forecasting and actuals
- monthly, quarterly and year end activities and reporting
- Application Governance
- Ensure that internal operational applications follow consistent governance standards for structure and security including coordinating regular governance meetings ensure decisions are documented and executed
- Perform monthly updates and reports to ensure data is clean, consistent and follows the defined controls and process.
- Daily Office Management including deliveries, supplies, seating, and coordinating large events.
Knowledge, Skills and Abilities Required:
- Proficient written and verbal English communication skills. Ability to effectively communicate, respond to managers, employees, customers, and vendors in an intelligent, clear, concise, professional and grammatically correct manner.
- Show strong attention to detail and accuracy
- Excellent organizational skills, good judgment and a strong sense of urgency
- Ability to manage time and workload effectively and take projects to completion
- Ability to handle multiple changing priorities simultaneously in sometimes challenging situations and keeping your supervisor involved as needed
- Detailed knowledge and experience in Microsoft Excel with proven ability to perform analysis for consistency, find variances, look for the missing items, and communicate results.
- Proficient with computer skills.
- Happy performing all aspects of the role, from basic to complex.
- Strength to hold others to account but to facilitate how they get there.
- Willingness to learn and take on projects
- Ability to acquire a good understanding of information security control frameworks and a strong working knowledge of information security best practices.
- Working knowledge of or ability to learn GRC (Governance, Risk Management, Compliance) concepts and interaction with management and business leaders
- Excellent communication skills are needed with demonstrated ability to work with multiple organizational functions and levels.
Education and Experience
- Previous experience in contract and regulation compliance, vendor management, or office management.
- Experience with vendor management is preferred but not mandatory.
- At least 2-3 year of experience in spreadsheets, reports, and systems of record
- At least 2-3 years of relevant work experience in a company in the technical space
- Administrative experience in the software, information security, or consulting industry is desirable.
- Familiar with working without direct supervision in a fast changing, entrepreneurial environment
To apply for a position on the Sopheon team, send CV or resume to: email@example.com.
Sopheon is an equal opportunity employer and supports workforce diversity. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability or national origin.
Some positions at Sopheon require consent to and successfully passing a background check prior to employment. Also, certain Sopheon customers operate in sensitive industries and require that individuals undergo background screening prior to being involved in a project. The screening process could include verification of identity, criminal record checks and drug abuse checks. If you join us, you may be required to undergo such additional screenings.