Sr Security Risk and Compliance Specialist
Doral, FL | Direct Hire
The Senior Security Risk and Compliance Specialist is a critical member of the Information Security Governance, Risk and Compliance team. The role is responsible for translating industry, government and contractual compliance requirements (SOX, FFIEC, SSAE 16, etc.) into IT Security and Risk Management frameworks, policies, standards and best practices. This position will coordinate the remediation of non-compliant areas across all of the company’s lines of business and support internal and external audits in the areas of Information Security, Risk Management and Compliance.
The Senior Security Risk and Compliance Specialist will be accountable for defining a comprehensive compliance management framework and its associated policies and processes, managing the audit and compliance process, managing the compliance response process, developing metrics and championing compliance initiatives across the company’s business units.
The Senior Security Risk and Compliance Specialist will collaborate closely with members of the company’s corporate functions such as Human Resources, Legal, Procurement and other business stakeholders to ensure compliance requirements are understood. This role will also coordinate efforts with Information Security teams, Security Steering Committees, internal and external auditors, Security Architecture and IT Operations teams to ensure that compliance requirements are appropriately addressed, tracked and reported to business stakeholders. The goal is to achieve and maintain a security posture commensurate with the organization’s risk tolerance while meeting business objectives and regulatory requirements.
Note: This is not an auditor or assessor role. The incumbent must demonstrate a good understanding of both the audit process (performing an audit) and the compliance management process (responding to an audit). Candidates with audit-only experience will not be considered.
· Responsible for analyzing and implementing risk and compliance management frameworks, policies, standards and best practices in support of the Information Security Governance, Risk Management and Compliance Programs.
· Responsible for assisting in the identification, analysis and assessment of information risk scenarios.
· Provide security expertise and guidance around security issues and recommend solutions to mitigate and eliminate compliance risks to information assets.
· Measure and assure that controls are in place and managed properly to meet legal and regulatory compliance requirements for the protection of all of the company’s information and physical assets.
· Support technology in the evaluation of risks and controls, particularly when evaluating the risk and controls of high-risk systems and applications.
· Provide education and advisory services to applications/systems/data owners and help them understand control objectives, control design, and how to evaluate control operational effectiveness.
· Assist with vendor compliance assessment during the acquisition, procurement and evaluation of vendors and products.
· Develop and manage the company’s third-party risk and compliance management process.
· Maintain relationships with internal and external audit and compliance agencies to facilitate the execution of audits.
· Assist with remediation efforts and recommendations as they relate to external and internal security audits.
· Review risk and control self-assessment results, and communicate key concerns and questions to the application/system/data owners.
· Promote and facilitate effective communication between internal/external audit and the information security team, IT operations and other departments and/or business units.
· Bachelor’s degree in Computer Science, Information Systems Security or a related field.
· Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) and Certified Chief Information Security Officer (C|CISO) desired.
· Minimum 4-6 years of experience in a similar role with a proven record of successful development and management of compliance management frameworks in mid- to large-scale enterprise environments.
· Experience developing frameworks and processes to drive a risk-based approach incorporating standard frameworks such as COBIT, ITIL, ISO and NIST into an enterprise compliance management process.
· Experience with policy and control development as it relates to meeting compliance requirements from relevant regulations such as SOX, FFIEC, PCI and others.
· Capable of establishing and maintaining an effective program structure that emphasizes the coordination of resources across projects, managing deliverables between projects and the overall costs and risks of the compliance program.
· Experience with the development of formal written reports to communicate audit results and recommendations to management and business stakeholders.
· Experience coordinating efforts between IT and external audit firms to assist in scheduling, resource planning, and remediation efforts.
· Maintain Information Security Risk Management and Compliance data repositories.
· Considerable writing proficiency, oral presentation skills, problem solving and decision-making skills.
· Excellent verbal and written communication skills, including executive-level presentations.
· Ability to deal effectively with a wide range of vendors, service providers, and regulatory agencies.
· Ability to facilitate productive meetings and work successfully in a team-oriented environment.
· Have the ability to work with technical and non-technical business owners to develop control solutions.
· Have the ability to handle multiple competing priorities in a fast-paced environment.
· Strong commitment to customer service.
· Ability to work well under minimal supervision.
· Some travel may be required for internal, conference, customer, partner and vendor meetings.