Security and Compliance Manager

Enshored has been powering growth for disruptive brands and leading companies in the US and Europe since 2014. As part of Inc 5000 fastest-growing companies in the US, our commitment to pushing the extra mile helps our clients reach their business’ optimal growth potential, may it be from the ground up or by innovative transformation.

Our team is composed of hand-picked talented individuals adapted to handle themselves in a balanced environment of smart and hard work while maintaining a dynamic relationship with stakeholders, leaders, and team members. Important decisions revolve around the guidance of our core values, especially when choosing the right people:

• Grit. We never give up. We don't always know the answer, but we don't give up until we  crack it. Sticking at it makes us stronger.
• Curiosity. We want to know you, what makes you tick and what it will take to help you grow.
• Learning. Learning is the key to mobility, growth, and transformation. It's a commitment. We're committed.
• Grace. The unconditional love for our fellow man. What is this world without love – merely a transactional scorecard of winners and losers. We don't want to reinforce that operating system. We are driving a paradigm shift to an infinite mindset where we start from the knowledge that there is plenty to go around.
• Honesty & Sincerity. Being true to ourselves. Being honest, being open, trustworthy and truthful. Sincerity provides depth to honesty, as our honesty at times can even betray us, as we all hide behind our deep pain and hurt.
• Integrity. Integrity is standing up for what we believe is right and living by our highest values.

Our philosophy leads us to invest in the best people we can find, and working side by side, we help them build the career paths they deserve.

Don’t just take our word for it; experience the growth yourself!

If you don’t know where to start, check us out at www.enshored.com.

The Security and Compliance Manager will lead the organization's security and regulatory compliance strategies, ensuring the protection of digital assets, AI-driven systems, and sensitive data. This role requires cybersecurity, AI governance, regulatory compliance, and risk management expertise. The individual will implement security frameworks, ensure adherence to industry regulations, and mitigate risks associated with AI and data privacy.

KEY RESPONSIBILITIES

Security & Compliance Leadership

Develop and enforce security policies, procedures, and AI compliance frameworks.
Ensure compliance with industry standards such as ISO 27001, VAPT, GDPR, HIPAA, SOC 2, AI Act regulations, and other compliance requirements.
Conduct risk assessments and audits to identify vulnerabilities and recommend security enhancements.
Establish AI ethics and governance policies to ensure responsible AI deployment.
Prepare compliance reports, support audit processes, measure SOC performance metrics, and report on security incidents.
Support security audits, including follow-ups, documentation reviews, performance tests, tabletop exercises, and corrective action plans for identified risks.

AI Security & Risk Management
Implement AI security best practices, including adversarial attack defense, model robustness, and bias mitigation.
Assess risks related to AI-driven decision-making and data processing.
Develop frameworks to monitor AI security incidents and model performance.
Identify potential risks across finance, operations, compliance, cybersecurity, and other business areas.
Evaluate risk likelihood and impact using qualitative and quantitative analysis.
Develop policies, controls, and procedures to minimize security risks.

Threat Management & Incident Response
Continuously monitor for cyber threats using Security Information and Event Management (SIEM) tools.
Collect and analyze threat intelligence from various sources (e.g., logs, dark web monitoring, security vendors).
Stay updated on emerging threats, vulnerabilities, and attack techniques.
Conduct risk assessments to identify and classify security threats.
Perform vulnerability scans and penetration testing to uncover security gaps.
Collaborate with IT and security teams to patch vulnerabilities.
Investigate security alerts and determine their potential risks.
Prioritize incidents based on severity and impact.
Isolate affected systems to prevent threat propagation.
Apply remediation steps, such as disabling compromised accounts, blocking malicious IPs, and deploying security patches.
Develop AI-driven threat detection and anomaly detection systems for proactive security.
Conduct internal investigations to maintain organizational integrity and perform root cause analysis.
Lead incident response teams in case of security breaches and data leaks.
Implement AI-driven security automation tools to enhance defense mechanisms.

Data Privacy & Regulatory Compliance
Ensure AI models comply with global data protection laws, including GDPR, the California Consumer Privacy Act (CCPA), and the Philippine Data Privacy Act (PDPA).
Establish data governance policies for ethical AI and automated decision-making.
Conduct Privacy Impact Assessments (PIAs) for AI applications.

Training & Awareness
Define incident response plans, playbooks, and escalation procedures.
Train internal teams on risk management, AI security risks, and compliance requirements.
Conduct regular security awareness programs for employees and stakeholders.
Lead the company in the review and implementation of the Business Continuity Plan.
Conduct phishing simulations and security training for employees.
Educate employees on secure practices to prevent social engineering attacks.
Manage security training programs and support global teams in implementing best practices.

Technical Skills Requirement
Cybersecurity Expertise: Cloud security, endpoint security, encryption, Identity and Access Management, and zero trust.
AI & ML Security: AI model risk assessment, adversarial AI defense, explainability.
Regulatory Compliance: ISO 27001, VAPT, GDPR, HIPAA, AI Ethics guidelines.
Incident Response: Threat intelligence, SIEM tools, forensic analysis.
Risk Assessment & Audits: Penetration testing, vulnerability assessments.

Soft Skills Requirement:
Strong leadership and decision-making abilities.
Quick Decision Making under pressure
Strong analytical and problem-solving abilities
Excellent communication and Management Team skills.
Ability to work in high-pressure environments and handle security crises.

Education & Experience:
Bachelor’s/Master’s degree in Cybersecurity, Information Security, Computer Science, or related field.
Certifications Preferred: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Certified Cloud Security Professional (CCSP), or AI-specific security certifications.
Experience: 10+ years in cybersecurity, risk Operations Management Team, or compliance; 3+ years in AI security.

About Enshored 

Enshored is the leading outsourcer for start-ups. We’re here for the innovators, for the scalers. We’re here for the creators, for the makers, for the horizon scanners who saw it and then went out there and built it. We believe that when our people thrive, our clients thrive too. When we all thrive, the world becomes a better place.

At Enshored, this means: We support our people to achieve their potential and contribute to their best ability through structured learning and career development. We embrace diversity. We understand that people are all different and need different challenges. We don’t treat individuals as cogs in the machine. We provide the environment, tools, and support system to thrive.