Location
Santa Monica, CA, United States
Posted on
Mar 29, 2014
Profile
Job Responsibilities
Lead Program Management of compliance programs (SOX, PCI, Breach & Disclosure, OFAC, DMCA, etc.)
Lead and perform the internal audit role, remediate deficiencies and propose design enhancements
Ensure project documentation is complete, current, and stored appropriately.
Coordinate and conduct quarterly enterprise risk assessments, leveraging the Information Security Manager and Security Engineers, based on the Information Security Policy, supporting Standards and Procedures, compliance requirements, adherence to Information Security best practices and standard business risk mitigation. Coordinate across business and IT teams to conduct risk assessments.
Document findings in risk analysis report. Work with InfoSec team members, business units and IT counterparts to document risk treatment plans.
Develop, manage and maintain enterprise data flows (entity level, by business unit, and by compliance-regulated data type).
Update data flows quarterly through the risk analysis process. Participate in security event investigations producing incident response documentation and ensure that corrective actions are implemented.
Assist with the development, implementation, training and auditing of the Information Security Program and governing Policy, Standards and Procedures.
Assist the Information Security Awareness Program by communicating and championing policy, standards and procedures enterprise-wide. Create training materials.
Lead auditing of adherence to the Policy, Standards and Procedures enterprise-wide
Assist auditors, consultants, customers and other third parties with information security questionnaires, reviews, investigations, etc. Communicate audit and review results to appropriate parties; ensure that issues are addressed and corrective actions are implemented.
Report to management the effectiveness of data security as implemented by internal and external business partners and make recommendations for the adoption of new procedures or controls
Participate in proactive research and provide recommendations for continuous improvement.
Foster good working relationships with business unit managers, IT and engineering counterparts to ensure the organization meets its objectives in a risk-controlled manner.
Perform other tasks as directed by the Information Security Manager
Minimum Requirements
Applicable BS/BA degree and 5 - 10 years of work experience
Experience designing compliance programs and internal auditing.
SOX, PCI, data breach notification laws and European Union laws required
CISA, CISM and/or CISSP
Understanding of network architectures and design, administrative, technical and physical security controls, Windows Active Directory, Windows-Linux server, desktop operating systems; database and application architecture, etc. is required.
Highly proficient with Microsoft Office Suite and Visio is required.
Experience in working across multiple organizational teams / business units conducting risk assessments and threat modeling.
Must have an understanding of business, accounting, finance and legal.
Ability to think through complex problems, determine proper analytical processes and procedures, independently derive conclusions and present results to management.
Proven track record of working collaboratively on compliance and security initiatives.
Outstanding written and oral communication skills are required.
Excellent technical writing skills are required.
Must be able to summarize and communicate technical data to a non-technical audience.
Must be highly motivated with a strong work ethic and able to work effectively under minimal supervision.
Must be team-oriented, placing priority on the successful completion of team goals.