Location: Englewood, CO
Job Type: Contract to Hire
Job Code: JPC - 205

Job Description

Manager, Information Security Compliance

Location: Englewood, CO (5 days a week)

Type: CTH

Max Salary: up to 120K/year

Job Description:

 

Client has an exciting opportunity for a Manager, Information Security Compliance (Compliance Manager) at our Headquarters location in Englewood, Colorado. The Compliance Manager is a key leadership role in our Information Security and Governance, Risk, and Compliance (GRC) teams. This position is full-time and permanent, has supervisory duties, is salaried with standard work hours, and requires very little travel. We are looking for someone who can start immediately.

 

The Compliance Manager will report to the Sr Manager, Information Security GRC and will function as a central Information Security subject matter expert supporting enterprise teams, including managing the team supporting the PCI and CPNI compliance programs. They will work within the GRC team to mature the compliance assessment and control requirement program, develop control testing and monitoring capability, and support the onshore/offshore team throughout assessment lifecycles.

 

Primary responsibilities of the Manager, Information Security Compliance include the following:

  • Partner with Business Units to identify, analyze and mitigate compliance risks associated with activities executed throughout the enterprise.
  • Act as team lead across information security compliance management activities.
  • Supervise teams responsible for assessing, managing, and monitoring compliance risk.
  • Provide compliance consultation for new and ongoing enterprise initiatives.
  • Consult on defining compliance policies and best practices.
  • Educate and build awareness of compliance requirements across the organization.
  • Improve compliance with security standards and policies across enterprise teams.
  • Participate in testing and monitoring of compliance controls executed by enterprise teams.
  • Lead compliance enhancement projects focused on new or changing technologies.
  • Publish executive-level reporting across compliance activities.
  • Coordinate with Privacy / Legal to ensure the overall compliance landscape is well understood and the program captures a complete view of our compliance needs.
  • Coordinate with GRC partners to ensure consistency of program execution.

 

The successful candidate will possess the following qualifications:

Competencies:

 

  • Project Management
  • Self-led Learner
  • Customer First Mentality
  • Strong Adaptability
  • Process Documentation Management
  • Process Mapping Development
  • Presentation Skills
  • Multitasking
  • Communication with Executives
  • Team Leadership
  • Can Interpret Regulations and Compliance Requirements
  • Thought Leadership
  • Cross-functional Team Leadership
  • Strategic Thinking and Planning (Team)
  • Brand & Team Ambassador
  • Expert Risk Management Foundation
  • Expert Information Security Foundation
  • Expert Security Control Framework Foundation
  • Advanced Data Privacy Foundation
  • Can Teach/Educate Risk & InfoSec Principles
  • Can Consult Business Leaders on Risk and InfoSec Principles
  • Can Develop Metric Dashboards
  • Experience Contributing Through Others
  • Detailed Knowledge of Most GRC Functions

 

Personality:

  • Requires a well-organized, cheerful and persuasive individual, who can manage multiple priorities at once.
  • Must have good meeting management and communication skills to keep conversations focused and productive.
  • Must be self-driven; able to manage schedules, meet deadlines, coordinate with others, and perform tasks with minimal supervision.
  • Must have the ability to work with a diverse audience, under tight deadlines, and negotiate successful outcomes to challenging problems.

Skills:

  • Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker.
  • High-level interpersonal skills.

Education and Experience:

  • Bachelor’s Degree (or equivalent experience) and at least 3-5 years of directly related experience. Must have a solid understanding of SOX, PCI, CPNI, CCPA, FACTA and similar IT Compliance and Privacy regulations.
  • Strong understanding of risk mitigation methodologies and regulatory requirements pertaining to information security, privacy, and/or data security.
  • Experience with compliance audits such as PCI and/or CPNI. Former QSA preferred.

Other Qualifications:

  • Professional certification (CISA, CRISC, CISM, CIA or similar) is highly desired. Candidates who apply will be tested in several areas, including verbal/spelling, math/logic and business problem-solving, and must meet minimum standards to be considered for this position.

Google Form Information

Justification: Why do you need this role? What is the impact? Complex structure and requirements of team/position.

The Compliance Manager will report to the Sr Manager, Information Security GRC and will function as a central Information Security subject matter expert supporting enterprise teams, including managing the team supporting the PCI and CPNI compliance programs. They will work within the GRC team to mature the compliance assessment and control requirement program, develop control testing and monitoring capability, and support the onshore/offshore team throughout assessment lifecycles.

What are the main responsibilities that your new hire will have?

– Partner with Business Units to identify, analyze and mitigate compliance risks associated with activities executed throughout the enterprise.

– Act as team lead across information security compliance management activities.

– Supervise teams responsible for assessing, managing, and monitoring compliance risk.

– Provide compliance consultation for new and ongoing enterprise initiatives.

– Consult on defining compliance policies and best practices.

– Educate and build awareness of compliance requirements across the organization.

– Improve compliance with security standards and policies across enterprise teams.

– Participate in testing and monitoring of compliance controls executed by enterprise teams.

– Lead compliance enhancement projects focused on new or changing technologies.

– Publish executive-level reporting across compliance activities.

– Coordinate with Privacy / Legal to ensure the overall compliance landscape is well understood and the program captures a complete view of our compliance needs.

– Coordinate with GRC partners to ensure consistency of program execution.

What will this candidate do in the first 90 days in the role and how will you define a candidate’s success?

In the first 90 days, the Compliance Manager will learn company security policies and GRC procedures that will empower them to act as the compliance subject matter expert. They will also begin attending project meetings and interacting with the PCI and CPNI teams, including critical business partners, to ensure compliance is considered across impacted system lifecycles. This role has a supervisory component, so the relationship building across their team will be critical to the success of the entire program.
