Information Security Risk Manager
|Position:||Information Security Risk Manager|
|Reports To:||VP, Deputy CISO|
Information Security (IS) group is looking for Information Security Risk Manager as a direct report to the VP, Deputy Chief Information Security Officer. In this role, the candidate will be responsible for oversight and governance for Information Security risk across the organization, along with maintaining compliance to the latest PCI DSS and PCI TSP standards. The individual will perform ongoing assessments and set the overall direction for maintaining compliance to policies and standards.
We are seeking strong, individually motivated candidates with a proven track record of understanding security controls and working across an organization to implement and validate controls.
Bachelor's degree in engineering, computer science, or a related field with minimum of 8 years of experience.
5 years of engineering, software development experience or technical leadership of technology projects
5 years’ experience with process, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting sensitive data.
Experience conducting risk assessments or running compliance programs and the presentation of acceptable evidence.
Extremely Strong analytical and problem solving skills.
Ability to work with all levels within the organization.
Relevant industry certification, such as CISSP, CISA, etc. is desired.
PCIP and/or previous history of PCI ISA/QSA certification.
Knowledge of ISO27001/ISO27002, COBIT, PCI DSS, PCI TSP, NIST Cybersecurity Framework and similar standards is preferred
- Track compliance requirements and provide overview of latest status to Senior Management on an ongoing basis.
- Candidate should have broad technical knowledge on a number of security technologies and a solid understanding of information and networking security.
- Measure and report appropriate metrics (key risk and performance indicators) to measure the monitoring program and related process.
- Communication skills including the ability to forge relationships, build consensus, negotiate solutions, and guide customers through their decision process are highly desirable.
- Excellent verbal and written communication skills.
- As directed, undertakes such additional duties and responsibilities that may arise from time to time.
Essential Functions and Responsibilities:
- Performing oversight and governance for Information Security Risks across the organization to ensure risk are identified, assessed, quantified, appropriately mitigated and managed through the lifecycle of the product and/or service.
- Analyzing and enhancing business processes to support the continuing compliance of required applications/systems.
- Ongoing monitoring to ensure key program requirements are being met through analysis of metrics, data and assessments.
- Performing periodic/ad-hoc reviews/testing to determine if program is operating as designed
- Guiding applications/systems through the process of the assessment and tracking their progress against their plan and compliance requirements.
- Subject matter expert in the enforcement and validation of PCI DSS and PCI TSP controls and provide guidance and expertise to projects or systems that are required to be compliant.
- Ability to act as a liaison between 3rd party assessors (PCI DSS QSA, P2PE QSA) and internal teams.
- Individual should understand HSM architecture and support key management ceremony.
- Ability to interact with payment card networks to make sure their requirements are appropriately followed.
- Working with the project management team and senior leadership to ensure the project meets all corporate goals in a timely manner, with the key goal of maintaining compliance.
- Ability to interact with appropriate stakeholders demonstrating the reports are compliant to their requirements.
Physical Demands and Work Environment:
- Work is generally sedentary in nature, but may require standing and walking. The working environment is generally favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available.
- A letter of interest describing your experience and interest in the position
- Your resume
- Names and contact information of three references, or three letters of reference
* Please submit a single application per position.