Security & Compliance Job Description
Security & Compliance Duties & Responsibilities
To write an effective security & compliance job description, begin by listing detailed duties, responsibilities and expectations. We have included security & compliance job description templates that you can modify and use.
Sample responsibilities for this position include:
Security & Compliance Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Security & Compliance
List any licenses or certifications required by the position: CISSP, ISO, CISA, CISM, ITIL, ISO27001, ITSM, SAE18, PCI, HMG
Education for Security & Compliance
Typically a job would require a certain level of education.
Employers hiring for the security & compliance job most commonly prefer candidates with a relevant degree, such as Bachelor's and Master's degrees in Computer Science, Education, Information Security, Business, Information Systems, Information Technology, Engineering, Management, Technical, Management Information Systems.
Skills for Security & Compliance
Desired skills for security & compliance include:
Desired experience for security & compliance includes:
Security & Compliance Examples
Security & Compliance Job Description
- Candidate will participate in other security projects involving Corporate Security, as needed, such as participating in compliance and risk meetings and reviewing vendor assessments for security requirements
- Accurately interpret audit results against defined criteria
- Provide a written and verbal report of audit findings
- Provide support for internal and external auditors and examiners by preparing reports, gathering information and answering questions
- Enjoy delivering a professional Information Security service to Colleagues
- Successful completion of allocated tasks
- Development into an Information Security professional
- A confident leader and communicator with the ability to influence and act as an ambassador representing directly at board level both internally and with clients
- Self-motivated – personal drive and enthusiasm to continually improve
- Clearly demonstrates the appropriate behaviour in keeping with a customer facing, management role
- Knowledge of physical security systems (access control, alarm, CCTV, etc.)
- Knowledge of the Customer Security Document creation process from contract signature through the completion of implementation into steady-state
- Knowledge of GTS Global Processes and the ability to provide guidance and education on the GTS processes
- An excellent understanding of PCI and SOX and the requirements that the business and its partners must meet in order to properly protect cardholder information and GCC with respect to financial information systems, respectively
- Have managed 3 to 5 PCI audits and worked with both IT and business teams to ensure that all requirements are met on an annual basis and that the business achieved documented compliance
- IT technical background (eg
Security & Compliance Job Description
- Daily review of Firewall Security Logs
- Assist in remediation and scheduling of Firewall deficiencies
- Daily review of Anti-Virus Logs
- Assist in remediation and scheduling of Anti-Virus deficiencies
- Daily review of intrusion prevention and detection logs
- Assist in remediation and scheduling of intrusion prevention and detection
- Daily review of Server Logs
- Assist in the remediation and scheduling of Server issues
- Enforce and comply with licensing compliance
- Provision storage as needed to the infrastructure
- Higher education in the field of Computer Science or Information Assurance
- 5+ years of compliance/audit experience in either consulting or enterprise security department (CISSP/CISA helpful)
- Experience in security and infrastructure protection and/or information security audit and compliance
- Refined knowledge of information security standards, frameworks, and assessment methodologies
- Ability to translate IT systems risk to all levels of the organization in a clear and concise manner
- Take a global view
Security & Compliance Job Description
- Evaluates and recommends security software and hardware, encryption methods, authentication servers, and control techniques needed to secure data and information systems
- Project-manage the Information Security and Privacy portfolio of initiatives
- Coordinate 3rd party audits of TokBox, including pentests, vulnerability tests and SOC2 audits
- Assess and track compliance with regulatory and legal requirements relevant to the TokBox business
- Assist in pre-sales efforts relating to Customer due diligence of TokBox InfoSec program
- Assist Legal with contract reviews of security schedules
- Manage privacy incident response and coordinate remediation activities
- Maintain information security and privacy policies
- Manage the business continuity and disaster recovery programs
- Responsible for SAP license utilization and optimization
- You understand the impact of a highly satisfied, excited crew
- Able to work both independently and collaboratively, achieving results within established time frames with minimal supervision
- Significant knowledge and demonstrated competence with both Agile and Waterfall project management processes, methods, and standards
- Be involved in working directly with delivery teams in contract programs throughout Public Sector to implement security configurations for infrastructure systems, end point devices, and application systems
- You will work with security practitioners, architects, infrastructure engineers, applications developers, business partners & other stakeholders to implement appropriate security solutions for security compliance
- Analyze technology industry & market trends to identify key partners and develop go-to-market approaches for security configuration compliance and vulnerability management solutions
Security & Compliance Job Description
- Ensure that all Nespresso Switzerland partners and third-party providers comply with Nestlé Information Security Policies & Principles
- Access re-certification for HR systems
- Actively coordinates the internal and external audits
- Ensures an adequately staffed and trained guard force and directs their activities
- Assists, advises, and guides all departments and/or Corporate Security regarding security regulations and procedures or compliance regulations and procedures
- Coordinates contacts with outside law enforcement agencies or outside regulatory agencies
- Collaborate on security improvements to systems, networks and applications by assessing current solutions, performing gap assessments, anticipating future requirements, and providing actionable recommendations
- Create architecture and provide security leadership of cloud, application, identity and access management, end user device, and web services security controls, configurations, and best practices
- Work with the ongoing mergers and acquisitions to ensure that they are designed and migrated securely
- Participate in incident response activities and provide forensics data or guidance as needed
- Function as a key contributor for security configuration and A&A activities in project delivery
- 5+ years of SCAP experience
- 7+ years of hands-on experience in STIG configuration implementation, compliance, and remediation for network infrastructure, servers (Windows, Linux, Unix) and workstations, mobile devices, printers
- 4+ years' experience using Red Hat Satellite Server to deploy patches, software updates, and configurations
- Strong expertise in Active Directory security and PowerShell scripting
- Experience with NSA system hardening guide
Security & Compliance Job Description
- Work with IT and Business operations to promote and educate on service capabilities
- Assesses security needs and capabilities of the organization and creates a plan of action
- Prepares regular reports to IT management concerning the current state of security measures and makes recommendations for improvement as required
- Works with existing policies and procedures to identify, recommend and develop revised policies and procedures relating to information security as appropriate
- Maintains and revises the overall security program
- Identifies and provides information security awareness training as appropriate
- Thorough knowledge of formal project management techniques and tools through training and direct experience (MS Project or other project scheduling tools)
- Works with IT management, risk managers, corporate compliance and in-house legal counsel to perform and maintain risk assessments concerning system downtime, unwarranted system access and general risk levels
- Works with internal and external auditors to respond to needed requests, suggestions and security-related findings
- Works closely with cross functional IT teams to understand the security architecture and coordinates the implementation of changes in security once approved by management
- Hands-on system configuration management, configuration policy deployment and enforcement, and vulnerability mitigation
- 4+ years of software packaging experience
- 4+ years of server and workstation image development and maintenance
- An overall 8 years in the Information Security field, with audit and/or compliance experience a plus; direct, hands-on experience developing security metrics reports; experience in identifying and integrating best practices into an information security program
- Experience managing security-related projects and meeting critical deadlines
- Excellent organizational skills and critical attention to detail and deadlines