MANAGER, SECURITY COMPLIANCE
The Manager of Security Compliance is responsible for protecting data from compromise. Working within the policies and guidelines established by Minacs, the Manager is responsible for analyzing, developing, implementing and enforcing security, privacy and data protection requirements, policies and corporate technical guidelines. The Manager will work with cross-functional groups to ensure compliance with client requirements as part of business operational execution across multiple sites and lines of business.
In addition, the Manager will provide leadership in coordinating, developing & communicating recovery environment requirements and contingency plans associated with Minacs' Business Units to protect the business in the event that facilities or technology resources are unavailable due to an unforeseen disruption. The Manager is responsible for coordinating the teams responsible for the planning and implementation of the Business Unit contingency plans to provide for manual/off-line procedure development designed to mitigate firm risk associated with the complete or partial failure of facilities, technology systems or applications related to an unforeseen disruption.
- Provide ongoing evaluation of security measures, reporting findings to security management, identifying any vulnerabilities and making recommendations to reduce exposure.
- Ensure systems and client programs are designed in accordance with data protection policies and guidelines
- Investigate and manage security related incidents
- Conduct Threat Risk Assessments
- Act as Minacs' representative for all security and/or Business Continuity audits, reviews, certifications or inquiries with internal and external clients.
- Act as the Liaison between the Compliance team, Operations team and clients to ensure compliance with client needs.
- Conduct internal audit in support of overall corporate compliance needs
- Lead system owners through the management, process and mitigation of vulnerabilities including implementing system-hardening guidelines
- Conduct Security Awareness Training.
- Assume coordinating responsibility for Business Continuity planning efforts, with a major focus on assuring adequacy of the contingency plans for critical business functions and applications, including developing and maintaining new and existing plans.
- Maintain documentation on information protection practices, policies and procedures.
- Facilitate implementation of data protection technologies
- Ensure functionality and maintenance of physical security controls, redundant power and environment detection systems.
- Review new business opportunities to ensure proper privacy/security/business continuity requirements are appropriate, and adequately captured.
- Review and approve change control requests.
- Ensure compliance with all state and federal telemarketing compliance laws.
- Other duties as assigned by the Chief Security & Privacy Officer.
Education/Knowledge: Bachelor's degree in Information Systems, Information Management or a related field, or equivalent combination of education and relevant work experience is acceptable.
Experience / Skill:
- Five or more years of recent and relevant experience in the Information Systems, information protection and management area. A minimum of 5 years of call center experience.
- Familiarity with telemarketing laws, privacy regulations, and standards such as PIPEDA, HIPAA, GLBA, FTC DNC
- Understanding of call center operations and technology
- Network security compliance standards such as ISO27001, COBIT, PCI, S-OX
Desirable Certification(s): CISSP certification or significant coursework toward certification, CISA, CBCP, SANS GIAC
- Broad understanding of security technology.
- In-depth understanding of information data protection policies and risk analysis
- Ability to perform vulnerability identification, assessment and mitigation in heterogeneous environments.
- Ability to perform periodic internal audits to ensure compliance with Security policy and guidelines
- Experience in dealing with a wide range of technical and non-technical personnel and issues.
- Have familiarity with vulnerability assessment and security auditing tools, security administration tools, security scanning tools, web application technologies, technical security implementations (Router ACLs & Firewall Rules definition), multi-platform access controls, cryptography, digital certificate creation/administration, physical security controls and administration.
- Ability to instruct employees in security awareness and practices.
- Ability to relate business requirements and risks to technology implementation for security related issues.
- Strong oral and written communication skills
- Working knowledge of MS Windows, and UNIX operating system controls and platforms
- Knowledgeable of network operations, controls and components.
- In-depth knowledge of business continuity & disaster recovery concepts, controls and processes.
- Must work well under tight deadlines and schedules.
- Minimum 5 years of compliance experience
- Must have Call Centre Experience
- Ability to manage several active security/compliance projects simultaneously
- Experience with information protection & compliance technologies such as Tripwire, McAfee's Enterprise Policy Orchestrator, Host/Network Intrusion Technologies, Firewalls and Access Control Lists
Minacs is an Equal Opportunity, Affirmative Action Employer. We thank all applicants; however, only those under consideration will be notified.
Minacs is a leading business solutions company that partners with global corporations in the manufacturing, retail, telecom, technology,...