OverviewThis is a hybrid role - 2 days remote and 3 days in the Malvern, PA office.CubeSmart is hiring a Security Compliance Program Manager to join our Information Technology department at our Malvern, PA, headquarters. They will ensure the organization complies with guidelines and requirements such as PCI DSS (Payment Card Industry Data Security Standard) and Sarbanes-Oxley (SOX) audit requirements. This position involves gathering, maintaining, and auditing the necessary documentation to ensure adherence to regulatory requirements. The program manager will collaborate with cross-functional teams to identify gaps, track remediation efforts, and provide comprehensive audit documentation. The role also includes developing and leading incident response tabletop exercises.Who we are:At CubeSmart, we're intentional about culture. You can experience it everywhere from our mission statement of genuine care to our It's What's Inside That Counts tagline to calling each other teammates rather than employees. This spirit fosters a fun and collaborative environment that has resulted in our rapid growth and being recognized amongst the top in our industry. CubeSmart's award-winning team is made up of people who genuinely care. Teammates care about our customers and the life events and/or business needs they are facing. Teammates are passionate, responsible and understanding. The CubeSmart team is made up of people who have a can-do attitude, are committed to their own success and the success of the company, and lead by example. If this sounds like a team and culture that matches your personal values and motivations, we want to hear from you. ResponsibilitiesReporting to the Director of Information Security, this role will be responsible for the identification, reporting, and remediation of security and compliance gaps across all technology systems.
- Documentation Management: Gather, maintain, and organize all required documentation for PCI DSS and SOX audits, ensuring accurate and up-to-date records.
- Audit Preparation: Assist in the preparation for PCI and SOX audits by providing relevant documentation and evidence and addressing auditor requests. Ensure internal control testing for SOX and PCI DSS compliance is thoroughly documented and operating
- Compliance Monitoring: Monitor compliance with PCI DSS and SOX requirements, reviewing policies, procedures, and documentation to ensure they meet current regulations.
- Third-Party Risk Management: Assess and ensure third-party vendors meet PCI DSS, SOX, and other relevant compliance requirements. Collaborate with procurement, legal, and risk management teams to mitigate vendor risks.
- Risk Assessment: Collaborate with business stakeholders to assess and document risks. Work to identify areas for improvement. Assess, evaluate, and make recommendations to management regarding the adequacy of the security controls in products, processes, and technology solutions.
- Control Testing and Issue Tracking: Support internal control testing efforts for SOX and PCI compliance, ensuring all security controls are operating effectively and are properly documented. Track and document compliance issues or deficiencies, following up on remediation efforts and coordinating with relevant teams to ensure timely resolution.
- Incident Response: Develop and lead incident response tabletop exercises focused on PCI DSS and SOX scenarios, ensuring that all relevant stakeholders are trained and prepared to respond to potential security incidents. Assist with the investigation of security incidents, recommend and implement solutions to remediate or mitigate them.
- Data Privacy Compliance: Ensure compliance with data protection and privacy laws (e.g., GDPR, CCPA) in collaboration with legal and data governance teams.
- Reporting: Generate and submit periodic compliance reports to management, detailing the organization's compliance posture, outstanding issues, and the effectiveness of security controls.
- Training & Awareness: Assist in creating training materials and conducting awareness sessions on PCI and SOX compliance requirements for relevant departments.
- Change Management: Coordinate and track the IT change management program, ensuring all changes to the production environments are properly documented and coordinated.
Qualifications
- Education:
- Bachelor's degree in information security, Information Technology, Accounting, or a related field.
- A relevant security or audit certification (e.g., CISSP, CISA, CISM, CRISC) is a plus.
- Experience:
- Minimum of 5-8 years of experience in IT security, compliance, or audit roles, preferably with a focus on PCI DSS and SOX compliance.
- Experience with control testing, risk assessments, and audit processes.
- Experience in developing and conducting incident response exercises is preferred.
- PCI Qualified Security Assessor or Internal Security Assessor experience is preferred.
- Knowledge & Skills:
- Strong understanding of PCI DSS and SOX compliance frameworks, IT General Controls (ITGCs), and security best practices.
- Familiarity with regulatory compliance, risk management, and auditing methodologies.
- Proficiency with compliance management tools, audit software, and reporting tools.
- Knowledge of data privacy regulations (e.g., GDPR, CCPA) is a plus.
- Strong communication, organizational, and leadership skills, with the ability to work independently and collaboratively across departments.
- Soft Skills:
- Excellent verbal and written communication skills, with the ability to clearly explain complex compliance requirements.
- Strong organizational and time-management skills, with attention to detail.
- Leadership abilities to influence cross-functional teams and drive compliance efforts.
- Analytical mindset and problem-solving skills to address compliance gaps.
- Ability to manage multiple priorities and work independently in a fast-paced environment.
Preferred Certifications:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
We are an Equal Opportunity Employer, Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.#LI-MT1