• Senior Information Security and Compliance Specialist

    Job Locations: US-TX-Austin
    Posted Date: 4 months ago (10/1/2018 10:14 AM)
    Job ID: 2018-1478
    Category: Product & Technology
    Department: Product and Technology
    Type: Full-Time Employee
  • Overview

    The Senior Information Security and Compliance Specialist reports to the Director of Information Security and Compliance, and contributes to maintaining and continuously improving AllClear ID's security posture in the areas of security & privacy program management and implementation of related procedural controls.


    This includes ensuring that internal policies and procedures address relevant compliance requirements and identified risks, and consulting with all departments across the business on their implementation; facilitating internal and external audits; supporting the client-facing side of the business with security- and privacy-related inquiries; managing security due diligence for AllClear ID's supply chain; running AllClear ID's security and privacy awareness programs; executing procedural security and privacy controls; and maintaining the related programs, frameworks, and metrics.


    Responsibilities shared with the other members of the team include participation in security monitoring activities, advisory functions to the business, process documentation, measurement of program and controls effectiveness, incident response planning, and vulnerability management. The Senior Information Security and Compliance Specialist promotes information security as a desired function that is integral to the business.

    Responsibilities


    • Contributes to management of AllClear ID’s security program; including the maintenance of policies, procedures, processes, and metrics, as well as controls mappings across different compliance frameworks
    • Articulates complex information security concepts to non-technical employees clearly while accurately portraying risks and threats to the company
    • Leads initiatives for internal and external audits, compliance, and regulatory activities, aligning with standard frameworks, such as ISO/IEC 27001, HITRUST, PCI DSS, GDPR, etc.
    • Serves as liaison for client-facing teams, and responds to and resolves due diligence, audit, and other information security requests from clients and partners; collaborates with AllClear ID’s legal team on contractual information security provisions
    • Maintains and executes AllClear ID’s information security and privacy supply chain management – performs onboarding and reoccurring due diligence reviews according to documented processes, documents outcomes, tracks outstanding mitigation and review items to resolution, and maintains and improves the related processes
    • Evaluates the compliance of infrastructure components and operational processes with information security and privacy policies and standards, prepares documentation of the results, and tracks resulting non-conformities and mitigation measures to resolution
    • Administrates an organization-wide, multimodal security and privacy awareness program that addresses baseline security hygiene, industry trends and best practice, and organization-specific risks and behavioral patterns
    • Leads inter-departmental and organization-wide initiatives to implement new or improved security and privacy controls, resulting in timely and effective completion
    • Contributes to data mapping, retention, and other privacy management activities
    • Works with risk and technology/process owners to perform security and privacy risk assessments, maintains risk registers and risk management processes
    • Maintains compliance monitoring procedures, and assists stakeholders across the business in resolving security policy issues, maintaining compliance, and implementing security procedures
    • Contributes to the maintenance, testing, and improvement of security and privacy incident response plans, procedures, and processes
    • Leverages experience, critical thinking, and analytical skills to find inventive and effective solutions to information security problems
    • Stays informed about information security trends, directions, and technologies in relevant industries
    • Contributes to security monitoring, vulnerability management, and security incident response efforts in coordination with other members of the team


    Minimum Qualifications

    Knowledge/Skills/Abilities:

    • Foundational understanding of information security principles
    • Working experience and familiarity with common security and privacy industry standards (for example, ISO/IEC 27001, PCI DSS), audit frameworks (for example, SOC 1/SOC 2), and regulatory frameworks (such as HIPAA, FISMA); HITRUST and GDPR are a plus
    • Experience in development and execution of information security, compliance, and risk management best practices, policies, procedures, processes, and reporting metrics in a global environment
    • Experience with supply chain due diligence
    • Experience with performing risk assessments and maintaining risk registers
    • Experience preferred in facilitating, preparing for, managing, and hosting external audits by clients, registrars, and regulators, including scheduling, kickoff meetings, evidence gathering, coordination and preparation of interviews with control owners, presentation of the compliance portfolio, and overseeing successful site visits
    • Experience administering security and privacy awareness training; ability to communicate the value of compliance and information security within the organization
    • Ability to create and maintain internal control matrices to demonstrate compliance with various frameworks and requirements, adapt to changing environments and processes, and measure the maturity of the information security program
    • Ability to conduct internal audits against internal and external standards, and develop and perform internal controls testing against documented processes
    • Ability to advise on, evaluate, monitor, and ensure compliance with information technology and security policies, standards, guidelines and relevant legal and regulatory requirements
    • Ability to participate in cross-functional workgroups and planning meetings to promote ideal solutions that meet the objectives of both the business and the information security team
    • Ability to support business partners in dealing with current and prospective clients
    • Ability to handle simultaneous tasks while demonstrating urgency and ownership to drive projects to completion
    • Excellent written and oral communication skills with the ability to work with other departments and varying levels of management
    • Ability to promote sharing of expertise through consulting, presentation, and documentation
    • Ability to assist in training other information security and compliance staff
    • Solid project management skills
    • Adept at critical thinking and a relentless self-learner who thrives in a highly dynamic, results-driven environment


    Education/Experience:


    • BA/BS degree or equivalent experience
    • CISA, CISSP, CISM, and/or equivalent industry certifications preferred
    • 5+ years of experience focused on information security governance, standards, and compliance; in addition, privacy management experience is a plus
    • 3+ years of experience in directly participating in and facilitating security program management against multiple common industry standards, such as ISO/IEC 27001, HITRUST, PCI DSS, NIST standards, etc.


    AllClear ID is an Equal Opportunity Employer/Veterans/Disabled.

    There is no relocation reimbursement or Visa sponsorship available for this position.
