POLICIES, PROCESSES, & STANDARDS:

• Maintains an up-to-date understanding of industry best practices.
• Develops, enhances and implements enterprise-wide security policies, procedures and standards.
• Monitors compliance with security policies, standards, guidelines and procedures.
• Ensures security compliance with legal and regulatory standards.

BUSINESS REQUIREMENTS:

• Participates with the project team(s) to gather a full understanding of project scope and business requirements.
• Works with customers to identify security requirements using methods that may include risk and business impact assessments.
• Provides security-related guidance on business processes.

SECURITY SOLUTIONS:

• Participates in designing secure infrastructure solutions and applications.

RISK ASSESSMENTS:

• Works directly with the customers and other internal departments and organizations to facilitate IT risk analysis and risk management processes and to identify acceptable levels of residual risk.
• Conducts business impact analysis to ensure resources are adequately protected with proper security measures.
• Analyzes security analysis reports for security vulnerabilities and recommends feasible and appropriate options.
• Creates, disseminates and updates documentation of identified IT risks and controls.
• Reports on significant trends and vulnerabilities

RISK ASSESSMENTS:

• Works directly with the customers and other internal departments and organizations to facilitate IT risk analysis and risk management processes and to identify acceptable levels of residual risk.
• Conducts business impact analysis to ensure resources are adequately protected with proper security measures.
• Analyzes security analysis reports for security vulnerabilities and recommends feasible and appropriate options.
• Creates, disseminates and updates documentation of identified IT risks and controls.
• Reports on significant trends and vulnerabilities.
• Develops plans to achieve security requirements and address identified risks.
• Follows up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
• Performs PCI audits and compliance checks.
• Performs Data Protection Impact Assessments (DPIA)

SECURITY AUDITS:

• Performs security audits.
• Participates in security investigations and compliance reviews as requested by external auditors.

PROBLEM MANAGEMENT:

• Provides responsive support for problems found during normal working hours as well as outside normal working hours.
• Identifies and resolves root causes of security-related problems.

COMMUNICATIONS/CONSULTING:

• Interfaces regularly with staff from various departments communicating security issues and responding to requests for assistance and information.
• Reports to management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.

VENDOR MANAGEMENT:

• Works with third party vendors during problem resolutions.
• Interfaces with third party vendors to evaluate new security products or as part of a security assessment process

TRAINING:

• Assists in the development of security awareness and compliance training programs.
• Provides communication and training as needed.
• May guide users on the usage and administration of security tools that control and monitor information security.

COACHING/MENTORING

• Mentors less experienced team members.

Requirements:

• Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience.
• Work experience in PCI DSS compliance (preferred)
• Work experience in designing, implementing, and security training
• Typically has 3-5 years of combined cybersecurity work experience with a broad range of exposure to information security and data protection.
• Willingness and ability to travel domestically and internationally, as necessary
• Work experience in compliance, risk, and IT service management
• Effective in written and verbal communication in English.

Good-to-have:

• PCI ISA certification
• CISSP certification
• Project Management experience
• Risk Management experience
• Security Training

Applicant Types Accepted:

Local and International Applicants (IA’s) Accepted