General Characteristics
The IT Security Compliance Manager works in support of compliance requirements and company risk tolerance, ensuring that adequate and effective security processes, controls and lifecycles are followed and aligned to deliver compliance with security policy and regulatory requirements. The IT Security Compliance Manager supports the security compliance program by establishing appropriate assessments, managing and tracking risk mitigation and remediation activities, and communicating compliance program results to Senior Management. The role works with a wide variety of people from different internal and customer organizational units, bringing them together to implement controls that reflect workable compromises as well as proactive responses to current and future information security risks, and produces metrics and communications for Senior Management. The IT Security Compliance Manager also supports the development and implementation of a company-wide security awareness and education program.
Responsibilities and Duties:
:Works on a team within the Information Security and Compliance organization, focusing on IT Security compliance processes and initiatives, acting as the central point of contact and collaborating with other organization units within the company in these matters.
:Performs and/or oversees the performance of periodic risk assessments that identify current and future internal and external security vulnerabilities, provides necessary information to derive decisions about risk acceptance and risk mitigation, and identifies the best ways to reduce information security risks.
:Coordinates and directs the development, management approval, implementation, and promulgation of objectives, goals, policies, standards, guidelines, and other requirement statements needed to support information security compliance throughout the company.
:Supports the Terenine, Inc. security compliance program, ensuring that all external compliance requirements are identified, that current compliance status against each is known, and that remediation actions and projects are identified, prioritized, and tracked to completion.
:Ensures adequate and effective IT controls exist to meet current and future security compliance requirements found in laws, regulations, and industry standards such as SSAE 16 (SOC 1 and SOC 2), the PCI (Payment Card Industry) Data Security Standard, HIPAA, and state and federal privacy law.
:Assists with the implementation of company-wide security awareness and education programs that are aligned with security policy, standards, regulatory requirements, and industry practices.
:Manages special projects related to information security that may be needed to respond appropriately to ad-hoc or unexpected information security compliance events.
:Supports the communication and actions supporting the Information Security Steering Committee.
:Supports and updates a centralized repository of security controls aligned with corporate and regulatory requirements.
:Coordinates the information security compliance efforts of all internal and outsourced functions that have one or more information security-related responsibilities, to ensure that organization-wide information security compliance efforts are consistent.
:Supports Internal Audit activities and remediation requirements.
:Understands the fundamental business activities performed by company, and based on this understanding, suggests appropriate information security solutions that adequately protect these activities.
:Develops action plans, schedules, status reports and other Senior Management communications intended to track and improve the status of information security, including security vulnerabilities, risk-mitigating initiatives, policy compliance status, and regulatory compliance status.
:Acts as a liaison and decision-maker regarding the work of information security consultants, contractors, temporaries, and outsourcing firms related to areas of responsibility.
:Coordinates selected tests of information security measures, including targeted penetration tests and reviews of technical configuration and administrative controls.
:Designs and engineers internal information handling processes so that information is appropriately protected from a wide variety of problems, including unauthorized disclosure, unauthorized use, inappropriate modification, premature deletion, and unavailability.
:Serves as an active member of incident response teams and participates in security incident response efforts, drawing on in-depth knowledge of common security exploits, vulnerabilities and countermeasures. Acts as a technical consultant on information security incident investigations and forensic technical analyses.
Middle level management. Works under general direction of senior level management. Responsible for the management of one or more medium to large-sized, moderately to highly complex programs and projects.
:Develops and maintains a deep understanding of value drivers for Terenine, Inc. and customer business units in order to inspire and achieve innovative value creation strategies.
:Establishes and maintains strong working relationships with groups involved with information security and compliance matters such as the Legal Department, Information Technology Managed Services Department, Application Services Department, HR and customer compliance organizations.
:Possesses the relationship skills, cultural awareness, and organizational prowess required to work effectively in a highly-matrixed organization. Capable of delivering results through a position of influence, not authority. Takes personal initiative and is a positive example for others to emulate.
:Maintains industry relationships and draws on all available sources to develop the best technology strategies.
:This position reports to the Information Security Officer, Information Security and Compliance.
:Adept at communicating complex concepts to diverse audiences with varying skill sets.
:Written and verbal communication skills are critical. Must be able to communicate with technology providers as well as with business leaders. An ability to understand the technical details and communicate the essentials at a high level is essential.
:Experience designing and securing large-scale, multi-tier application and network deployments in collaboration with development, network and system engineering teams.
:Understanding of applicable regulatory and industry requirements, including SSAE 16 (SOC 1 and SOC 2), PCI DSS, FFIEC and HIPAA.
:3 years' experience in Information Technology Compliance and 5 to 7 years in Information Technology.
:Bachelor's degree in technical related field or equivalent work experience.
:Proven, broad, in-depth technical knowledge of Security principles and process is required.
:Security and audit related certifications are beneficial.
TekPartners - 2 years ago