The Security Compliance Manager contributes to a wide range of information security strategic initiatives, including regulatory-driven Security & Risk assessments, Governance oversight (policies, standards, & procedures), IT Controls oversight, IS/IT Audits, Vendor Security oversight, and other duties as assigned. Leads the performance of risk assessments to ensure the Information Security program is based on risk evaluation that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks. Supports the development of best practices with an eye toward tackling complex and continuous process improvement. Identifies needs and implements effective solutions within the overall direction of the ISO/CISO. Takes ownership and tackles a wide range of challenges and provides the analysis that guides teams of technical, operational, and executive personnel. Requires impeccable attention to detail, an intense curiosity, and expertise in a wide variety of topics, such as information technology, security operations, current and emerging security landscape & best practices, and regulatory compliance.
Responsibilities
- Manage assessments, including GLBA, FFIEC Cyber Assessment Tool, applications, etc., and provide support for risk assessments, including Vendor Security, RCSA, etc.
- Periodically perform additional risk assessments that reexamine the reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and reassess the sufficiency of any safeguards in place to control these risks.
- Lead continual improvement of the risk assessment process, including:
  - Criteria for the evaluation and categorization of identified security risks or threats
  - Criteria for the assessment of the confidentiality, integrity, and availability of information systems and customer information, including the adequacy of the existing controls in the context of the identified risks or threats
  - Requirements describing how identified risks will be mitigated or accepted based on the risk assessment and how the information security program will address the risks
- Partner with the Chief Information Security Officer and Chief Information Officer to develop and support Security Policies, Procedures, IS/IT Controls, and Audit Effectiveness.
- Secure and allocate resources, manage implementation schedules, and facilitate meetings.
- Work closely with leadership to model and define best practices across all areas of security operations to ensure the highest-functioning teams.
- Conduct research and apply structured analysis to achieve insights on initiatives; present information that is relevant and understandable to stakeholders.
- Assist in evaluating initiative proposals, and compile comprehensive recommendations based on the findings.
- Conduct analysis and evaluation of processes to improve them and increase efficiency. Make recommendations to senior management using knowledge of best practices and own expertise.
- Escalate concerns to senior management and work to identify an appropriate mitigation strategy.
- Be an agent of change for legacy practices that suppress growth and decrease expense.
Qualifications
- 10+ years of experience required in information systems audit and compliance in the financial services industry
- 5+ years in a prior leadership/supervisory role required
- Skilled in various research methodologies and able to balance the information-gathering and human resources aspects of strategic analysis.
- Demonstrated ability to identify issues of a complex nature and develop an actionable strategy to resolve them effectively.
- Must be able to size up a business unit and develop a rapport with others quickly.
- Ability to adjust to fluctuating workload with the pressure of aggressive deadlines; ability to manage multiple projects simultaneously.
- Solid knowledge of the financial services industry, including but not limited to products/services offered, vendors, and regulatory requirements.
Knowledge, Skills, Abilities Required
- A seasoned, experienced professional with a full understanding of the area of specialization; resolves a wide range of issues in creative ways. This job is a fully qualified, career-oriented, journey-level position.
- Works on problems of diverse scope where analysis of data requires evaluation of identifiable factors. Demonstrates good judgment in selecting methods and techniques for obtaining solutions. Networks with senior internal and external personnel in own area of expertise.
- Normally receives little instruction on day-to-day work, general instructions on new assignments.
A reasonable, good-faith estimate of the minimum and maximum base salary or pay for this position is $110,483.12 to $165,724.68. Actual compensation will vary based on various factors, including but not limited to location, experience, and performance. A discretionary bonus and/or business line incentive may be provided, in addition to medical and other benefits, dependent on the position. For more information regarding our benefits, please visit https://www.ppbi.com/careers.html