Job Title: CPNI Compliance Program Manager
Location: Englewood, CO
Salary: $118,00/yr max
The CPNI Compliance Program Manager will report to the Senior Manager, Information Security GRC and function as a central Customer Proprietary Network Information subject matter expert supporting enterprise teams looking to involve our client’s CPNI data in business solutions and processes. They will lead the company through the design and build out of a program that focuses on the protection, use, and control monitoring of CPNI data, including any necessary certifications.
Job Duties and Responsibilities:
Primary responsibilities of the Information Security CPNI Compliance Analyst include the following:
- Draft policies/procedures that govern the security of our client's CPNI data across the enterprise with a specific focus on compliance requirements.
- Design, lead and execute a Compliance program focused on CPNI data handling across the enterprise.
- Partner with security teams to identify and analyze security requirements to align with CPNI compliance standards.
- Track, document, and address CPNI compliance gaps to ensure timely closure.
- Lead security enhancement projects focused on new or changing CPNI compliance requirements.
- Educate and build awareness of CPNI compliance requirements.
- Coordinate with Third Party Risk management to ensure CPNI compliance needs are being addressed and tracked appropriately with third party vendors.
- Coordinate with Privacy / Legal to ensure the overall compliance landscape is well understood and the program captures a complete view of our CPNI compliance needs.
- Continuously improve the CPNI compliance program with new information, procedures, or documentation.
- Other responsibilities as assigned.
Skills, Experience and Requirements:
The successful candidate will possess the following qualifications:
- Project Management
- Self-led Learner
- Customer First Mentality
- Strong Adaptability
- Process Documentation Management
- Process Mapping Development
- Communication with Leadership
- Presentation Skills
- General Risk Management Foundation
- General Information Security Foundation
- Compliance + Risk Mindset
- Requires a well-organized, cheerful, and persuasive individual, who can manage multiple priorities at once.
- Must have good meeting management and communication skills to keep conversations focused and productive.
- Must be self-driven; able to manage schedules, meet deadlines, coordinate with others, and perform tasks with minimal supervision.
- Must have the ability to work with a diverse audience, under tight deadlines, and negotiate successful outcomes to challenging problems.
- Expert in CPNI requirements, with experience building and executing a program development plan.
- Experience leading through others and rolling out new programs.
- Solid working knowledge of information security concepts and controls.
- An understanding of our responsibility as a company to adhere to compliance requirements.
- Excellent project management skills, with the ability to work within deadlines, juggle multiple priorities, design project plans, and provide project updates.
- Ability to work independently with little direction and/or supervision.
- Superior communication skills with the ability to ask questions, escalate roadblocks early, and interact effectively at multiple levels in the organization.
- Keen attention to detail with the ability to correct on the fly and work independently.
- Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker.
- Strong understanding of mitigation methodologies and regulatory requirements pertaining to information security, privacy and/or data security.
- Technical writing expert with the ability to create policies, procedures, standards, implementation guidelines and other related IT documentation.
- Solid interpersonal and verbal/written communication skills.
Education and Experience:
- Bachelor's degree or equivalent experience and at least 5-8 years of directly related experience.
- Must have a solid understanding of SOX, PCI, CPNI, CCPA, FACTA and similar IT Compliance and Privacy regulations.
- Experience with NIST, ISO and other industry standards.
- Expert user of Microsoft/Google Suite and an eGRC tool.
- Professional certification (CISSP, CISA, CSIM, CIA or similar) is highly desired.

Candidates who apply will be tested in several areas, including verbal/spelling, math/logic and business problem-solving, and must meet minimum standards to be considered for this position.