Information Security Compliance Job Description
Information Security Compliance Duties & Responsibilities
To write an effective information security compliance job description, begin by listing detailed duties, responsibilities and expectations. We have included information security compliance job description templates that you can modify and use.
Sample responsibilities for this position include:
Information Security Compliance Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Security Compliance
List any licenses or certifications required by the position: CISSP, CISM, CISA, HITRUST, CRISC, PMP, ISO27001, ISO, HIPAA, CGEIT
Education for Information Security Compliance
Typically a job would require a certain level of education.
Employers hiring for the information security compliance job most commonly prefer candidates with a relevant degree, such as a Bachelor's and Master's Degree in Computer Science, Information Security, Education, Information Technology, Information Systems, Business, Technology, Management Information Systems, Engineering, Management
Skills for Information Security Compliance
Desired skills for information security compliance include:
Desired experience for information security compliance includes:
Information Security Compliance Examples
Information Security Compliance Job Description
- Focus on documenting and auditing security controls on in-scope systems in the context of ISO-27001 certification and NIST 800-53 security program
- Assists VP, InfoSec Compliance in facilitating external audits and providing direct assistance to internal teams in various types of engagements
- Build and maintain relationships with IT and Business to ensure an understanding of technology strategies, infrastructure, and applications
- Maintain team that can provide security and privacy consulting expertise at all layers of the technology stack
- Drive change and innovation in the tools and processes used to perform our work
- Build and deploy process in a governance, risk, and compliance system
- Advise on best tools, processes, practices and standards to ensure effective and efficient assessment processes
- Analyze workflows, staffing, and related metrics to improve efficiency and performance
- Hire and coach team members with an emphasis on training, motivating, and retaining top employees to ensure a high performing team
- Assure compliance with policies, standards and controls
- CISA, CISSP, PMP, CRISC or other relevant designation required
- Bachelor’s degree in and 5 years of experience in IT security or other related discipline or an equivalent combination of education and work experience
- In-depth knowledge of security-related technologies, such as Cisco PIX firewall OS, Nokia Checkpoint firewall OS, TCP/IP, DNS, SATAN, CyberCop, ISS, nmap, IBM Secure Way, and/or Web Single Sign-On (SSO)
- Proven ability to collaboratively plan, document, and deploy IT security operational best practices/processes
- Deep understanding of security technologies and methods as they apply in an enterprise environment
- Broad understanding of retail business processes, business applications, data flows, and requirements desired
Information Security Compliance Job Description
- Analyze, research, develop, compose, and/or edit compliance policy and procedure documents according to Turner's standards
- Responsible for managing, monitoring, and coordinating information security policy exceptions and risk acceptance requests
- Issue and track policy violations
- Provide escalation and enforcement for unresolved noncompliance issues
- Partner with the Information Security Training & Awareness team to create content and strategy for training and awareness initiatives
- Partner with Legal to promote data retention schedules and guidelines
- Partner with organization stakeholders and Information Security leads to ensure compliance on IT security policy / standards implementation
- Work closely with IT leaders, technical experts, product managers and customer facing executives - provide compliance related consultancy and guidance while presenting an in-depth understanding of the IT environment, the challenges of the units, the research landscape and regulations
- Possesses extensive discipline expertise in project management of complex technical programs
- Serves as a lead resource for dealing with challenging technical issues and incidents
- 6-8 years of information security experience and a strong knowledge of security standards
- Experience implementing PCI standards
- Hold a valid passport and able to travel periodically on business assignments
- 3-5 years of experience in information technology in an area such as
- Strong knowledge of risk management frameworks including
- Of the following certifications is required
Information Security Compliance Job Description
- Provide centralized governance for all business unit leads
- Champion RSA Archer platform and engineering effort, operations and onboarding additional modules
- Build automation and integration with other products via multiple solutions such as API, Database
- Drive a common technology model to ensure cross enterprise functionality
- Evangelize security best practices and business unit security ownership across the organization
- Partners with technology and business leaders to help drive the global information services strategy with a specific focus on global information security
- Ensures system compliance with governmental requirements
- Works collaboratively with technology outsourcing vendors to ensure delivery and compliance
- Responsible for security architecture, systems integration, network design, compliance, auditing, penetration testing, risk evaluation and assessments, mobile device management, intrusion detection, single sign-on management, risk, and fraud prevention
- Creates and manages technology operational expense (OPEX) and capital expense (CAPEX) plans
- BS in Computer Sciences, Engineering or Sciences
- Senior level experience and understanding of relevant regulations, laws and policies across multiple IT compliance domains (SOX, GxP, Privacy, InfoSec, ) gained from career experience
- Good Understanding of Risk and Compliance Marketplace
- At least 4 years’ IT security working experience in a multinational company
- Anti-malware system experience
- ISO27001 project experience preferred
Information Security Compliance Job Description
- Coordinates with Tower Compliance SMEs to implement strategic IT controls
- Reports to the Senior Vice President, Infrastructure Operations, and provides metrics on the state of operational functions of compliance activities
- Escalates project work that arises from Compensating Controls found from audits
- Develops effective line management relationships to ensure strong understanding of the business, and associated IT functions
- Manages a team of Compliance Coordinators, who oversee the IT aspect of corporate audits and compliance activities
- Organizes meetings with internal and external parties to accomplish project plans, goals, and deadlines, and modifies work plans and timelines as required
- Develops communication and outreach materials to market project and program activities
- Prepares project, status, and ad hoc reports to keep management abreast of project progress, problems, and solutions
- Reviews project deliverables for accuracy, adherence with project scope, and quality standards
- Assists senior staff in partnering to identify and prioritize opportunities for utilizing IT to achieve the goals of the enterprise
- Familiar with IT infrastructure operations in the areas of Enterprise Server Administration (Windows), Network Design and Administration (WAN and LAN), Routers and Switches, Network Security like Firewall, Anti-malware System, Data Centre management and Desktop Systems
- Good command of English and Chinese (Cantonese and Mandarin)
- Knowledge of and experience in developing and implementing information security policies and processes, preferably with global experience
- Good knowledge of information security and privacy frameworks and compliance requirements for standards and regulations such as GLBA, ISO27001, and/or PCI
- Must have sold enterprise wide 'operational' risk management & regulatory compliance 'services'
- Need to have in-depth knowledge of Information Systems controls
Information Security Compliance Job Description
- Partner with business and technology teams to assess and develop appropriate security requirements
- Knowledge of the CIS top 20 controls and how they apply to on premise and cloud environments
- Conduct technical and business reviews for security flaws or vulnerabilities
- Provide consistent and professional requirements to project teams
- Ability to track and maintain multiple projects and deliverables
- Report the levels of IT compliance risk and control effectiveness to key stakeholders such as IT-business unit management, senior management, legal management, internal/external auditors, and so on
- Monitor remediation effort of IT compliance control deficiencies
- Identify any gaps between the desired level of compliance and monitor the current level of maturity
- Be an advocate to the Business relative to meeting compliance objectives
- Audit review (internal/external)
- Experience managing PCI compliance programs as a QSA or ISA for a Level 1 Merchant
- Proven experience in regulatory compliance, IT audit, Information Security, IT Operations
- Proficiency working with recognized IT Security-related standards, technologies and countermeasures
- Proficiency with industry frameworks such as ISO 27001/27002 and SOX ITGCs
- Network Security & Forensics
- System Hardening - Windows & Linux