The role will manage and execute risk management functions and security project management, promote organizational security awareness, and assist the Senior Manager of Global Information Security Risk and Compliance in policy development. In this role, the manager will also ensure the organization complies with statutory and regulatory requirements and standards regarding information storage, access, security and privacy. The ideal candidate will have a track record of success in the information security field and a solid understanding of information security methodologies, as well as of the regulatory and compliance requirements that apply to all lines of business and across all functional areas within CareerBuilder.
- Function as the point of contact and subject matter expert for IT governance and regulatory compliance.
- Support activated incident management teams as a central coordination resource
- Organize and conduct exercises and tabletop simulations; assist with documentation relating to exercise planning and facilitation, as well as incident response activities
- Compile, monitor, analyze, and report on applicable global threat monitoring results, trends and standards related to incident and crisis management
- Maintain Business Impact Analyses and Business Recovery Plans on a day-to-day basis, including initiating, tracking, and auditing the plan review and approval process
- Regularly audit BCM plans and incident response documentation for accuracy and completeness
- Help ensure that business resilience data and processes are aligned and integrated with the other facets of the department, including disaster recovery, vendor risk management, crisis analysis and response, and compliance
- Plan and perform IT Risk Assessments of business processes, applications, and services
- Maintain and report on security controls required by NIST, HIPAA/HITRUST, GDPR, PCI DSS, SSAE 18 SOC 2 Type 1, ISO 27001 and SOX, and by other regulatory requirements and security and privacy compliance frameworks
- Execute risk assessment and continuous compliance monitoring (auditing) of IT controls
- Coordinate IT participation in and follow-up on internal and external audits
- Assist in managing the planning, design, writing, and finalization of policies, the control framework and procedures so that they comply with NIST guidelines.
- Monitor remediation activity and verify control effectiveness for identified weaknesses
- Coordinate IT SMEs and documentation in preparation for customer or other external audits
- Perform assessments of third-party service providers, including cloud services, for adherence to best practices or recognized frameworks such as NIST.
- Plan, contract for, and direct periodic disaster recovery tests, which require re-establishing information systems capability at a remote recovery site.
- Prepare and distribute reports to IT staff and management
- Provide consultation to IT staff in interpretation of audit observations and formulation of corrective action plans
- Oversee documentation, reporting, and closure of compliance or quality issues
- Provide interpretation and consultation to staff and project teams on regulations, guidelines, compliance status, and policies and procedures.
- Other duties as assigned
The above statements represent a general outline of principal job functions and should not be construed as a complete description of all aspects and requirements inherent in this job.
- 3 to 7 years' experience in IT or audit, including specialization in IT security and/or a combination of IT compliance, IT audit, and information security
- Five (5) years' experience managing IT compliance programs and monitoring, with specific emphasis on NIST, ISO, HIPAA, PCI and SSAE 18 related requirements.
- Subject matter expertise in security and compliance lifecycles and industry frameworks, standards, and guidelines (NIST, FISMA, ISO, COBIT, ITIL)
- Experience and expertise in the development, execution, and maintenance of a HITRUST compliance program, or equivalent HIPAA experience.
- Bachelor’s degree in Computer/Information Science (or related BS degree).
- Must be able to build and leverage internal and external relationships, facilitate decisions and results at all levels of the enterprise, and drive strategies and projects to solution.
- Able to manage a wide range of compliance issues relating to information security; coordinate remediation efforts throughout the enterprise; and analyze risks and implement mitigation actions.
- Demonstrated analytical and problem-solving skills applied to both technical and business challenges.
- Knowledge of applicable practices and laws relating to data privacy and protection.
- Knowledge of basic software programming paradigms and best practices, including but not limited to Privacy by Design and OWASP guidance.
- General knowledge of hardware systems and architectures, both traditional data center and public cloud.
- Familiarity with the software development lifecycle (SDLC) and its operational phases.
- Ability to explain regulatory or framework requirements to multiple audiences, including both hardware and software engineering staff.
- Project management experience.
- Experience in strategic planning, budgeting, consulting, and general industry experience.
- Ability to respond effectively in high-pressure, rapidly changing environments.
- Ability to make effective use of resources throughout the organization, as well as external vendors.
- Demonstrated effective leadership and communication skills.
- Experience working in a team-oriented, collaborative environment.
- Demonstrated results orientation, initiative, attention to detail, and customer service orientation.
- Excellent written, verbal and presentation communication skills.
- Holds, or is actively pursuing, one or more of the following: CISM, CISA, CGEIT, CRISC, Project Management Professional (PMP), or other related certifications.
- 3 to 5 years' project management experience, including participation in full-lifecycle project implementations (scoping/planning, requirements gathering, design, development, testing, launch and support).
This position will work with confidential and proprietary information that requires a signed Employee Non-Disclosure Agreement upon hire.