Position Summary:
This role will monitor, manage, and close existing compliance issues while analyzing internal systems for compliance with security standards. This position will work with IT support staff to perform vulnerability and risk assessments and develop mitigation strategies to ensure compliance with current procedures and policies across the organization.
Essential Functions:
·Planning and leading organization-wide security audits to ensure compliance with the Sarbanes-Oxley Act (SOX), the Payment Card Industry Data Security Standard (PCI DSS), HIPAA, and various other mandates
·Working with the information technology (IT) department and other relevant departments to coordinate audits, both internally and externally
·Developing, preparing, and reviewing documents related to compliance and assessments
·Designing remediation efforts when security deficiencies are found
·Coordinating annual SOX and Statement on Standards for Attestation Engagements No. 16 (SSAE 16) audits for the IT department
·Identify threats and risk exposures, assess and manage risks, and monitor the implementation of corresponding programs
·Planning and maintaining compliance activities according to existing policies and standards as well as industry regulations
· Pointing out the shortcomings associated with existing platform security and compliance processes and developing ways to address them
· Working with third parties and consultants as needed for independent security audit
· Respond to client audits and act as the subject matter expert for all client questionnaires
· Escalate high and critical risks or risk trends to the appropriate level of leadership
· Provide audit and compliance metrics monthly
· Embed compliance culture and risk awareness across the company
· Provide off-hours support if required
· Performs other duties as may be assigned.
This is an on-site position with no hybrid opportunity at this time.
Knowledge, Skills, and Abilities
Essential:
• Broad technical knowledge of information security and compliance principles and process
• Experience in operating, monitoring, and implementing security policies, standards, and controls
• Experience managing external audit activity and supporting internal audits
• Knowledge of core security controls and systems such as risk analysis quantification and point of escalation
- Ability to implement new policies and programs
- Strong written and verbal communication skills
- Strong analytical and critical thinking skills
- The highest degree of personal integrity.
Education and Training
- Bachelor’s degree in computer science, Information Technology, or equivalent experience preferred 10 or more
years of professional networking experience, including 5 or more years of security management
and/or compliance.
- Professional certification, such as CISA, CISM, CRISC, CISSP, or ISAAP
Reports To:
