
Information Security Compliance Manager

Ocean Spray Cranberries

Reporting to the Director of Data and Information Security and Privacy, this role is responsible for the adequacy and monitoring of information security within the organization. Analyzes information security governance programs and recommends security measures to protect information against unauthorized modification or loss. Coordinates the development of policies, procedures, and guidance to establish, implement, maintain, and oversee Ocean Spray’s Information Security Program. Continuously evaluates Ocean Spray’s security measures to ensure the overall security posture of the company continues to mature.

The position is located at our Corporate office in Lakeville, MA.  This role is currently remote and may allow for a hybrid remote working model, at manager’s discretion.

Duties and Responsibilities:

  • Assist the Director of Data Information Security and Privacy (Director) in the design, development, and deployment of Ocean Spray’s security policies and standards.
  • Focus on governance and controls surrounding the protection and availability of data
  • Review third-party provider assurance reports
  • Work with the Director to ensure that Information Security Program components are fully understood by all employees and adhered to through regular security awareness training and communications.
  • Participate in meetings such as Risk and Change Management, weekly and monthly operations meetings, etc.
  • Work with the Director on security strategies and roadmaps
  • Assist with maintaining Ocean Spray’s Business Continuity Plan
  • Performs risk analysis for IT system resources to ensure that the balance of risks, vulnerabilities, threats, and countermeasures achieve a level of risk that is acceptable based upon the criticality of the individual systems.
  • Performs required security reviews for all proposed or new technologies that will be introduced to the organization
  • Collaborate with other Information Security team members
  • Work with other business lines when information security function is requested
  • Perform required security review of all proposed new vendor relationships
  • Collaborate with Ocean Spray’s legal team on data protection
  • Oversee key controls such as patching, vulnerability management, and endpoint protection
  • Provides guidance and technical assistance to management, including analysis, evaluation, and recommendations for approval of IT system resource security plans and requirements for IT system resource security in support of Ocean Spray’s governance program
  • Works with the Director on cyber and technology security related incidents, violations, or potential threats.  Works with security service providers to investigate any incidents or possible threats and violations.
  • Performs security control testing for control effectiveness and threat mitigation, and makes recommendations as needed
  • Provide security, compliance, and risk related metrics
  • Performs related and unrelated duties as may be required

Required Knowledge, Skills & Abilities: 

  • BS in Computer Science or related work experience
  • 8+ years’ experience in Information Security and Privacy function
  • Experience working with MSSPs
  • Solid understanding of Data Privacy requirements and controls
  • Strong knowledge of technology environments
  • Solid understanding of Business Continuity and Disaster Recovery strategies
  • Solid understanding of Information Security and Data Standards and best practices
  • Strong knowledge of cloud security, Azure preferred
  • Strong understanding of Technology and Third-party Risk Management
  • Solid understanding of Incident Response practices
  • In-depth understanding of computer systems and networks
  • Strong knowledge of Internet security and data privacy principles
  • Ability to set and manage priorities
  • Experience with STIGs and security hardening practices
  • Understanding of SDLC and secure application development practices
  • Excellent interpersonal, written, and oral communication skills
  • Relies on extensive experience and judgment to plan and accomplish goals.
  • Strong project and time management, problem solving, and communication skills required.
  • Self-motivated with a passion for information and cyber security
  • Solid understanding of network fundamentals and architecture
  • Solid understanding of security controls
  • Experience with vulnerability management programs
  • Experience with asset and patch management
  • Experience with CIS-CSC Control Framework and/or other frameworks
  • CISM, CISA, CISSP, GSEC certifications preferred or related work experience

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.

To apply for this job email your details to