You must be passionate about Compliance, as you’ll need a good working knowledge of industry best practice frameworks, such as ISO, NIST and COBIT. You will regularly meet with business and technology teams across Client to consult with them on their compliance requirements. You will work cross-functionally within the Corporate Information Security (CIS) teams and across Client for information security compliance operations.
We're looking for someone who has clearly demonstrated skills and experience, since your responsibilities will include, but not be limited to:
§ Utilize your thorough understanding of ITGCs (IT General Controls) to consult with Technology units for assessment of compliance with GDPR.
§ Consult on control design and control operations in support of compliance requirements.
§ Drive and own the annual control validation process (Self-Assessment, Report of Compliance).
§ Support compliance team to implement Client’s comprehensive compliance controls program.
§ Understand the relationship between information security policies, standards, procedures, and controls as they pertain to the delivery and maintenance of quality systems so that you can effectively advocate information security rationale to business stakeholders.
This opportunity requires skills and experience related to IT controls. This IT Compliance role requires experience with the enterprise's compliance with regulatory requirements such as GDPR, SOX, etc. You must be comfortable working in an ambiguous, yet fast-paced, environment.
§ 5+ years of IT Audit, Internal Audit, and/or IT compliance experience.
§ ISA (Internal Security Assessor) certification is highly preferred but not required.
§ Knowledge of information security principles, frameworks, and best practices (e.g., PCI DSS, COBIT, COSO, NIST and ISO 27000).
§ Excellent collaboration skills – must be eager to work as part of a cohesive team and work as a partner to others within Client, Inc. both at WHQ and globally.
§ Proven experience identifying solutions for complex problems in enterprise environments.
§ Excellent analytical and problem-solving skills.
§ Current on information security technologies, trends, standards, and best practices.
§ Bachelor's degree in Business Information Management, Information Security, Computer Science, Finance, or Accounting.
§ CISA, CRISC, CISSP, or CISM certifications are beneficial.
§ Strong business acumen to quickly learn new business processes, and an understanding of the value of PCI and SOX to the business.