PRI Technology
Director of IT Compliance
PRI Technology, Saint Paul, Minnesota, United States, 55101
I have a full-time opportunity in Austin, TX for a Director of IT Compliance with one of our renowned global industrial clients who is building out their leadership team. This role will report directly to the Cyber Risk VP. This role will be 2 days onsite and 3 days remote. This opportunity comes with a generous base salary and employee benefits plan.
Responsibilities:
Advise on effective risk mitigation strategies and ensure implementation of controls/processes to comply with the regulations.
Function as the IT liaison with senior leaders and Internal/External auditors and consultants on Information Security and regulatory compliance engagements.
Perform scoping assessments for upcoming regulations and inspection of relative technologies and oversee implementation by driving timely completion of risk related deliverables and issue resolution.
Identify, prioritize and implement security strategy, initiatives, establish security goals, and create a roadmap for the organization.
Understand third party risks as related to specific technology area/regulatory scope.
Determine, develop, maintain, and publish corporate-level information security policies, standards, procedures, and guidelines, including incident response and compliance reporting procedures.
Effectively engage with technology teams to gain full understanding of technology and the control environment.
Manage the design, implementation, and maintenance of our IT Compliance Programs (SOX, PCI, eCommerce and Fraud Analytics).
Identify, assess and report on risks, practice and projects to stakeholders across the organization.
Lead regular risk assessments to identify and evaluate potential security threats and vulnerabilities.
Identify vulnerabilities and security weaknesses across the enterprise and drive the resolution and mitigation of found errors/incidents enterprise wide.
Work cross functionally with other departments to implement architectures for systems, networks, and applications.
Assist peer managers in understanding security and control deficiencies and responding to internal and external audit reports.
Work with product teams to incorporate security and privacy by design into our products/services.
Engage in tabletop scenarios, penetration studies, threat analysis, vulnerability assessments, and security audit activities to ensure IT controls and security are effective.
Build and report information security metrics that enable executive leadership to effectively assess performance of security program, controls, risk management, risk mitigation and justify technology investments.
Establish and maintain third-party vendor risk assessment program. Conduct security reviews of potential third-party providers / acquisition targets.
Accountable for monitoring emerging threats and security practices and recommending changes to security / compliance programs as needed.
Coordinate validation discussions with second and third lines of defense.
Maintain strong relationships with industry peers, partners, vendors, external agencies, and regulatory bodies.
Qualifications:
Expert knowledge of Cyber/Information Security and compliance. Specifically in the areas of security architectures and associated technologies, security operation centers, security engineering, identity governance and administration/identity and access management (IGA/IAM), privilege access management (PAM), application security, governance, risk, compliance (GRC) and eCommerce fraud prevention.
Working knowledge of cybersecurity technologies covering a global digital ecosystem.
Direct global leadership experience (ideally in a matrix environment), as well as managing external resources.
Bachelor's degree strongly preferred in Information Security or equivalent. Master's degree desirable.
Has had the opportunity to implement information security strategies, policies, and procedures, ideally in a larger organization / enterprise wide.
Identifies and measures global information security controls on critical business processes or channels.
Previous senior leadership exposure / comfortable engaging with senior level stakeholders.
Strategic prowess and ability to see the big picture organizationally; ability to adapt accordingly.
Strong relationship development skills.
Self-motivated, ability to work collaboratively across the organization and various domains.
Solid analytical skills with the ability to solve problems and develop creative solutions.
Strong organization, problem solving, and presentation skills.
Excellent communication and interpersonal skills.
Strong leadership, team management, and negotiation skills.
Lori Sklarski
Senior Technical Recruiter, PRI Technology
Lori.sklarski@pritechnology.com
Direct: (973)-354-2797
Office: 973.732.5454 x27
Cell: 973.432.9968
www.pritechnology.com