This position is responsible for IT’s adherence to all regulatory compliance requirements, including Sarbanes-Oxley (SOX), PCI-DSS, ISO27000 and HIPAA, and for managing all compliance-related activities for the organization. Ensure IT policies, controls and processes are sufficient, cost effective, feasible, reasonable and current with regulatory requirements. Facilitate definition of cross IT Management level policies and controls and drive associated change across IT Management staff. Assess regulatory, business and technology change and architect and drive the implementation of the necessary changes to policies, controls and associated processes. Facilitate and oversee all internal and external audit and assessment activities for the organization.
Keep abreast of regulatory requirements for SOX and HIPAA and standards such as PCI-DSS and the ISO 27000 series.
Translate regulatory requirements and standards to IT policies, controls and processes.
Assess changes to regulatory requirements and standards and determine their impact to internal IT policies, controls and processes. Make recommendations for associated changes to IT policies, controls and processes, and facilitate their implementation.
Identify and evaluate business and technology risks, internal controls that mitigate risks, and related opportunities for internal control improvement. Write risk assessments and facilitate their approval when they are necessary.
Evaluate major organizational changes, implementation of new technologies and agreements with third-party service providers to ensure continual IT compliance to regulatory requirements.
Act as a liaison to internal and external audit personnel.
Manage all internal and external audit and assessment activities for the organization while identifying necessary process improvements. Drive resulting remediation efforts.
Keep management informed of progress of audit activities and associated remediations.
Provide guidance to management and staff on regulatory requirements, audit concerns and areas for process improvement.
Identify internal process improvement efforts to reduce costs associated with audit activities.
Manage IT Compliance staff and provide guidance and leadership to less experienced staff members.
Skills & Experience Needed:
10+ years information technology experience.
Experience managing technology compliance-related activities, with experience in implementing regulatory (such as SOX, HIPAA, etc.) and standards (such as PCI-DSS, ISO27000, etc.) compliance programs.
Working knowledge of security and control management best practices such as COBIT, COSO, CMMI, ITIL, PCI and ISO.
Project management experience required.
College degree in an information technology discipline preferred.
Compliance/Audit-related certification preferred.
Experience in all phases of systems development preferred.
Must work effectively in a team environment.
Highly skilled in verbal and written communications.
Previous experience in contact management or cloud services preferred.
Five9 offers a monthly subscription service called the Virtual Call Center that helps telemarketers, inside sales people, customer service...