Description of Position:
This is an environment unlike anything in the high-tech world and the secret of our success is its culture. The value we put on our employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. We are well known for our generosity and community service and have won many awards for our philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others.
The IS Compliance Engineer is a key member of the IS Security Compliance team reporting to the Manager of Information Security and Compliance. This position will be focused on all aspects of security risk management, privacy, and other industry or regulatory compliance that impact our IS infrastructure. In addition, the role will be responsible for working with all groups across our payment channels globally to ensure the overall security policy framework, especially PCI, is in place and operating.
The Compliance Engineer will work very closely with the IS Security and other IS leadership and management team members to build and maintain a strong security, risk and compliance program. The role requires a mix of broad business and technical acumen with strong people-management skills, and the ability to inspire and influence decisions around security risk management with the business. As such, the position works closely with key global business units such as IS, Legal, Audit, Regional Managers and Senior Management, requiring the ability to balance business needs and security risks.
The role will be responsible for determining and establishing the approach by which IS will manage and govern issues relating to risk and compliance. This includes creating, institutionalizing and rolling out an issue management approach that addresses the needs of various stakeholders. The overall objective is to reduce risk to the organization by addressing remediation issues in a strategic manner. This includes providing actionable remediation plans to address issues, and tracking and reporting on progress on a regular basis. The reporting should include the collation, review, analysis, distribution and communication of the issues by our vertical and horizontal organizational structures.
Along with the IS Security Compliance Manager and Department, the candidate will be a key point of contact for senior executive management and will be available to report at senior executive level on matters within their purview; particularly compliance, data security, risk management and overall security governance.
Tasks and Responsibilities:
- Serves as a subject matter expert for governance and compliance frameworks for IS and business process regulations/compliance within IS Security GRC.
- Provides governance for the identification, validation and remediation of information technology controls required by Payment Cardholder Information Data Security Standards (PCI DSS) and Personally Identifiable Information (PII). Ensures successful audits of these compliance programs.
- Stakeholder in the execution of risk management, information security, and data compliance corporate initiatives across all the business units globally.
- Promotes and supports a culture of compliance, risk avoidance/mitigation and corporate accountability throughout the organization.
- Responsible for the development of required corrective action plans relating to data compliance issues.
- Manages the business relationships with the internal and external auditors/assessors.
- Researches and evaluates new compliance requirements and works with other stakeholders and owners to ensure they are incorporated into the security policy framework, standards, and procedures.
- Defines and implements a risk-based approach to identifying, monitoring, measuring and reporting various types of security risk and compliance issues with regard to financial reporting.
- Identifies and prioritizes risk management, information security, and compliance risks and recommends mitigating controls.
- Works with counterparts across the corporation to ensure the development and communication of policies, procedures, and plans to internal stakeholders regarding security and risk management best practices and applicable laws and regulations.
- Evaluates security and risk assessments of internal business units and external vendors and service providers.
- Assists in the analysis of compliance readiness assessment findings for California Privacy Law and will lead the identification of ownership, remediation planning and validation.
- Participates in compliance strategic planning for lines of business and enterprise control functions.
Required Skills, Abilities, and Certifications:
- Deep understanding of all aspects of risk management, data compliance, information security strategy, technologies and tools.
- Over 5 years’ proven experience developing and executing global security risk management and compliance programs.
- Demonstrated leadership skills with ability to work effectively at executive levels.
- Excellent conceptual and critical thinking skills and sound judgment, with strategic orientation and ability to perform tactically, as required.
- Experience in providing technical expertise appropriate to knowledge of risk and cost-effective delivery of essential security services.
- Solid understanding of IT systems, applications, networks, and databases.
- Proven experience developing and submitting audit and compliance reports to governing bodies, legal entities, and/or external authorities.
- Solid knowledge and understanding of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
- Strong knowledge of risk management practices and security governance programs.
- Excellent communication skills (both written and oral) are a must.
- Past or current certifications in one of the following areas: Security+, CISSP, ISA, QSA.
- Architectural level experience in information security, data compliance, and risk management.
- Proven people management experience – worked with a variety of teams globally.
- Experience in planning, organizing, and developing information technology policies, procedures, and practices.
- Ability to propose creative solutions to successfully remediate identified compliance issues.