Description
Job Description:
- Responsible for assessing and overseeing compliance for Information Security, PCI and IT SOX controls.
- In this role, the Information Security Compliance manager will be responsible for the development and maintenance of a compliance framework, as well as leading the compliance components of the attestation processes.
- Additionally, this role is responsible for security policy, exceptions, security awareness, and vendor risk assessments.
- Develops, implements, and oversees remediation processes to address issues identified via security assessments, key financial application reviews, access control reviews, internal or external audits and/or other assessments.
- Maintain SOX and PCI programs, controls and remediation processes.
- Provide monthly Security Awareness communications in conjunction with end user training.
- Develops and maintains a compliance metrics program, providing visibility, insight and analysis of the effectiveness of the information security program.
- Provides performance reporting related to information security compliance risk and controls effectiveness to key stakeholders.
- Function as a data conduit within Information Security Operations as well as other areas of Info Sec, Audit, and Risk Mgmt.
- Responsible for vendor management review on third party managed service providers supporting the company.
- Five years of experience in a lead capacity and proven experience in supporting audit/compliance functions.
- Strong knowledge of information systems security standards and practices (e.g., access control, system hardening, system audit and log file monitoring, security policies, and incident handling).
- Demonstrable knowledge of regulatory and statutory compliance requirements, including PCI-DSS, SOX, etc.
- Knowledge of ISO27001
- Bachelor's degree in Management/Computer Information Systems, computer science, engineering, information security, or an equivalent combination of education, training, and years of experience.