Key part of the Information Security GRC team in coordinating the development, implementation, and compliance of information risk management controls. Includes working with control owners to ensure compliance with internal and external audits, as well as working with IT teams to remediate any audit findings. The analyst is responsible for managing risks and ensuring control activities and processes are in place related to the use of information technology, information security, privacy, regulatory compliance and governance.
The Manager Risk and Compliance will be responsible for managing and growing the IT Information Security compliance program, including policy and standard development, PCI Compliance, and access governance. Manages IT security analysts to ensure that all applications are secure. Implements procedures and methods for auditing and addressing non-compliance to information security standards and industry security norms.
NOTE: OPEN TO REMOTE WORK WITHIN THE U.S.A
- Coordinate and manage annual PCI Assessment
- Update Information Security Risk Universe
- Conduct gap analysis to authoritative control frameworks including PCI and NIST
- Maintain Policies and Standards for the Cybersecurity functions
- Conduct annual risk assessments to help prioritize necessary process changes
- Partner with technology and business groups to assess, implement, and monitor IT- related security risks and controls
- Establish and maintain key metrics to evaluate compliance program
- Manage understanding of risk tolerance and risk exposure across the organization and be able to communicate to responsible team members
- Bachelor’s Degree or equivalent in relevant field required.
- 3 Years’ experience with PCI Assessments highly preferred
CERTIFICATES, LICENSES, REGISTRATIONS
- CRISC, CISM, CGEIT, CSX-P or CC(GRC)P Preferred
- Certified In Risk And Information Systems Control
- Certified In The Governance Of Enterprise It
- Information Security
- Certified Information Security Manager
- Information Technology