The Hertz Corporation
General Responsibilities

Job Purpose

The Compliance & Controls Manager for Hertz is responsible for the ongoing collection of deliverables required for annual Payment Card Industry (PCI) compliance assessments and for compliance assessments of additional security frameworks, such as, but not limited to, Sarbanes-Oxley Section 404 and ISO 27000 standards. The position contributes to security research and development, product evaluations, consulting, project support, and any other operational tasks needed to support the overall requirements of the program and strategy. The Compliance & Controls Manager conducts regular risk assessments on IT operational processes, procedures and policies, analyzes findings, and prepares and presents risk assessment reports.

Key Result Areas

- Acts as the main point of contact for the receipt of compliance deliverables.
- Manages the compliance program and ensures all required controls are performed in a timely manner by the respective control owners in an auditable fashion.
- Serves as a primary contact and liaison for external auditors and QSAs.
- Provides subject matter expertise on Information Security policies, PCI, SOX, EU GDPR and security best practices.
- Monitors for changes to PCI requirements, industry developments, and security framework and regulation changes, and guides the organization accordingly to sustain continuous compliance.
- Identifies and analyzes changes to business processes and infrastructure for impact on the company's compliance with PCI and other requirements, and provides guidance and recommendations for maintaining a secure and compliant environment.
- Conducts risk assessments and security and compliance assessments on IT operational processes, procedures, and policies; interprets audit results and draws conclusions on the adequacy and reliability of controls; prepares and presents reports as necessary.
- Develops, implements, and maintains IT compliance controls; reviews existing IT compliance controls for regulatory updates and performs the necessary gap analysis.
- Assists in the design of security controls, policies, and procedures.
- Assists in the implementation of enterprise security controls.
- Provides guidance and subject matter expertise to IT and business teams on processes, controls and objectives around audit and information security activities, best practices and process improvement, and manages assessment reporting and remediation activities.
- Supports daily operational security activities, such as responses to client inquiries regarding the information security program, as required.
- Works with IT and business management to create clear, actionable plans detailing specific deliverables, timelines and accountability to resolve information security issues.
- Automates and streamlines processes.
- Develops and documents security compliance processes and procedures.
- Develops and documents risk assessment processes and procedures.
- Contributes to all security risk and compliance metrics for various regular presentations and other reporting requirements.
- Contributes to projects internal to Hertz as needed.
- Assists with general administrative activities in collaboration with all team members.
- Prepares project plans and associated documentation.
- Prepares status reports and other management metrics as needed.
- Acts as the liaison with other departments within Hertz.
- Other duties as assigned.

Mandatory Requirements

Educational Background: Bachelor's Degree in Computer Science, Information Technology, Security or an equivalent combination of education and experience required.

Professional Experience: 7 years of experience working within Information Security programs focused on compliance with policies, procedures, and industry regulations. One or more of the following security certifications is desired (CISSP, CRISC, CISM, CISA, PCI QSA, or PCI ISA).

Knowledge:
- Project management
- Understanding of information systems and security infrastructure
- Working knowledge of security framework models such as ISO 27000 series, COBIT, etc.

Skills:
- Excellent interpersonal skills, including teamwork, facilitation and negotiation
- Excellent written and verbal communication and presentation skills with the ability to explain complex concepts
- Strong leadership skills
- Excellent analytical, planning and organizational skills
- Highly self-motivated and directed, with attention to detail
- Highly effective at building relationships and fostering a collaborative environment
- Ability to work independently in a multi-task environment
- Proficient with MS Office tools
- Ability and willingness to adapt and learn new skills quickly
- Possess a flexible, proactive, can-do attitude
- Ability to take initiative and exercise judgment

Preferred Requirements

Hertz is a Drug-Free Workplace. All offers are contingent on successful completion of drug and background screening.

EEO/AA: Females/Minorities/Disabled/Vets

The Hertz Corporation
Website: https://www.hertz.com
Thank you for your interest in The Hertz Corporation. Here you will find information including current facts, figures, and historical data that allow you to learn more about the company from which you're renting a car or truck or equipment, or leasing a vehicle. Visit us often for informative updates! Click on Hertz Companies and find out about all of Hertz' subsidiaries and divisions: Hertz Rent A Car, Hertz Equipment Rental Corporation, Hertz Local Edition® (HLE), Hertz Car Sales®, Hertz Truck and Van, or Hertz Leasing. So whether you're renting a car or thinking about buying one, here you will find everything you need to know. Click on What's New and find out about our latest service or enhancement. Click on Hertz History, and you will discover things you may not have known about the company that has been #1 since it started in 1918.