Job Description

Senior Security Program Manager- Remote or Hybrid | Cary, NC

Nice to meet you!  

We’re the leader in analytics. Through our software and services, we inspire customers around the world to transform data into intelligence – and questions into answers.

We’re also a debt-free multi-billion-dollar organization on our path to IPO-readiness. If you’re looking for a dynamic, fulfilling career coupled with flexibility and world-class employee experience, you’ll find it here.

About the job

SAS is seeking an experienced and highly motivated individual committed to meeting the security and compliance needs of SAS. In this role, you will help ensure that processes related to both compliance and regulatory objectives are maintained enabling successful execution of both technological controls and documented processes. Your expert knowledge will enable Cloud and Information Services (CIS) to improve support of relevant compliance programs in alignment with appropriate privacy and security frameworks. You should be a self-motivated individual who can work across teams and divisions to drive successful outcomes and lead through influence. This individual will participate in the SAS Managed Cloud Audit & Compliance PMO whose purpose is to own the execution of our government cloud business. This role will sit within the Information Security Office to provide direct support and coordination to remediation activities within CIS service towers. 

As an Information Security Program Manager, you will:

• Partner with Governance, Risk, Compliance & Audit, Product Management and Engineering teams to identify, stand-up and manage the execution of a Program Management Office focused on government security and compliance frameworks.
• Be accountable for attainment of overall project goals while managing scope and stakeholder expectations and using appropriate communication methods based on the audience. 
• Maintain project documentation including updates to the project portfolio, plans, schedules & status reports.
• Determine resource needs and coordinate requests for personnel, tools/technologies, and other resources. 
• Assist process & control owners with the setting expectations around design/implementation of controls and related documentation (e.g., system security policies, procedures, narratives, and matrices)
• Facilitate remediation of control deficiencies and gaps identified by internal and external audits or assessments in alignment with business objectives
• Provide direction to ensure alignment with both strategic and tactical business needs in support of both SAS Managed Cloud and the SAS Enterprise.
• Participate in third-party attestations, audits, and certification efforts on behalf of CIS to ensure SME’s 

Required qualifications

• US Citizen Required.
• Overall, 8 years of working Experience.
• Proven ability to lead large, complex projects in either a project or program management role.
• 2 years of experience in a relevant Governance, Risk, Compliance, Audit or Privacy focus areas (process involvement)
• 3 years of experience in a relevant Information Security Operational or Analyst role (control involvement).
• Ability to crosswalk compliance frameworks such as ISO 27001, FedRAMP, SOC 2/3 and identify expected outcomes for process & control owner.
• Equivalent combination of related education, training and experience may be considered in place of the above qualifications.
• You’re curious, passionate, authentic and accountable. These are our values and influence everything we do.

Preferred qualifications

• Advise internal project members to help drive positive information security outcomes. 
• Assist in development of standards and processes for the creation of regular operational metrics
• Support leadership with data-driven metrics that demonstrate compliance with approved frameworks.
• Stays up to date on market trends related to Cyber Security, Compliance and Privacy.
• Strong negotiation, facilitation & presentation skills.
• Excellent organization, planning and communication skills.
• Resolves problems with minimal management assistance; escalates appropriately.
• One or more applicable industry certifications related to Security, Compliance, Privacy, Audit: CISSP, CISM, IAPP, CISA, CRISC, CIPP, CHC, CCEP

World-Class Benefits  

Highlights include...

• Comprehensive medical, prescription, dental and vision plans.
• Medical plan options include...
  • PPO with low annual deductible and copays.
  • HDHP combined with a health savings account with a contribution from SAS (no access to on-site health care center).
• Onsite Health Care Center (HQ) that’s free to employees and family members enrolled in the PPO plan. There's a pharmacy too! Not local to HQ? The pharmacy will ship prescriptions for no additional charge!
• An industry-leading 401k plan.
• Generous time away including vacation time, a variety of paid holidays, and our much-loved U.S. Winter Wellness Break between December 25 and January 1.
• Volunteer Time Off, parental leave and unlimited paid sick days.
• Generous childcare benefits for all full-time employees.

#LI-CC1

Diverse and Inclusive

At SAS, it’s not about fitting into our culture – it’s about adding to it. We believe our people make the difference. Our diverse workforce brings together unique talents and inspires teams to create amazing software that reflects the diversity of our users and customers. Our commitment to diversity is a priority to our leadership, all the way up to the top; and it’s essential to who we are. To put it plainly: you are welcome here.

Additional Information:

To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity/Affirmative Action employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, age, national origin, disability status, protected veteran status or any other characteristic protected by law. Read more: Know Your Rights. Also view the Pay Transparency notice.

Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.

SAS only sends emails from verified “sas.com” email addresses and never asks for sensitive, personal information or money. If you have any doubts about the authenticity of any type of communication from, or on behalf of SAS, please contact Recruitingsupport@sas.com.

SASCLOUD

#SAS

SAS