Manager, Information Security Governance & Compliance

Company: Consumer Cellular
Location: Scottsdale
Posted on: March 19, 2023

Job Description:

Manager, Information Security Governance & Compliance (230107)Responsible for managing Consumer Cellular and IT department Compliance and Governance program to include: Information Security, PCI and ITGC / SOX controls, gap analysis, maintenance, remediation and training on a compliance framework. Own, coordinate, and execute the planning and performance of regular control activities, while working directly with the technical and business stakeholders, as well as internal and external auditors, to identify appropriate risk factors, assess the adequacy of existing controls and drive remediation of control weaknesses to ensure compliance requirements are maintained.Responsibilities

• Build and manage the company's Information Security Compliance programs, including PCI, SOC 2 and SOX, as well as other compliance requirements as identified
• Lead the annual PCI compliance external audits
• Drive Compliance and Privacy Awareness and training efforts throughout the organization
• Develop and maintain Information Security, Compliance, and Privacy policies and standards.
• Oversee program and project management within Information Security
• Lead third-party assessments with external business partners and across assigned services resulting in certifications and attestations on time, within budget, while meeting key requirements
• Work with process owners to develop and implement controls which meet the control objectives
• Work with control owners to ensure testability of existing controls and regularly validate that control activities are being performed according to schedule.
• Oversee and drive remediation processes to address control issues identified via security assessments or by auditors, including tracking and managing remediation action plans in a centralized location
• Proactively identify existing and emerging IT risks that may be of importance to the company's Executive Management and IT Steering Committee
• Monitor processes and system configurations to ensure compliance with internal policies and procedures. Assist in the performance and organization of periodic access reviews
• Provide IT Management with status and performance reporting related to information security, compliance risk and controls effectiveness
• Assist in standardizing general controls across all applications, including those managed outside of IT.
• Participate in the planning for disaster recovery and business continuity management programs
• Develop KPI and KRI to manage team performance and key risk that can impact organizational compliance and regulatory requirements.
• Lead IS projects and provide guidance/training to less experienced staff.
• Grow and develop IS GC team, as mandated
• Strong leadership, diplomatic and motivational skills including the ability to lead up, across and down multiple business and technology organizations
  Preferred Qualifications and Experience:
  • Bachelor's degree in Computer Science, Management Information Systems or related technical field.
  • Minimum of 6 years of experience in IT or IS Governance, Risk & Compliance
  • Small team leadership experience, coaching, and performance management
  • Hands-on experience with managing third party compliance assessments such as SOC 2, ISO 27001, and PCI-DSS
  • Working knowledge and understanding of one or more compliance obligation such as SOC 2, ISO 27001, PCI-DSS, NIST 800-53 as well as Data Privacy Laws
  • One of the following industry security certifications is required: CISA, CISSP, or PCI-ISA
  • Experience and knowledge with information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management. Technical proficiency with security-related systems and applications, especially Firewalls, IDS/IPS, Vulnerability Assessment tools, Endpoint solutions, Proxy servers, Security Incident and Event Management Systems, Data
  • Proficiency in IT Systems and understanding of Networking and Computer Information Systems.
  • Demonstrates accountability, leadership, and initiative in complex projects, team building, and other tasks as assigned. Job Competencies
    • Manage and lead one or more IS Governance and Compliance Analysts
    • Excellent written and oral communication skills; ability to communicate at all levels in the organization (with senior management, with technical and business-oriented project staff, with users and stakeholders).
    • Ability to gain the confidence of the team as well as Executive-level stakeholders by communicating regularly, keeping commitments and delivering as promised.
    • Ability to foster buy-in and cooperation through persuasion, influence, and persistence.
    • Strong time and project management skills required.
    • Ability to work effectively independently
    • Able to negotiate with peers and superiors to ensure the work gets done.
    • Well-organized and capable of tracking, managing, and resolving issues on multiple projects simultaneously.
    • Self-motivated, professional, flexible, comfortable with ambiguity in a diverse organizational environment.
    • Continuous learner.
    • Proficient skills and knowledge of servant leadership, facilitation, situational awareness, conflict resolution, continual improvement, empowerment, and increasing transparency.Primary Location: United States-Arizona-ScottsdaleOther Locations: United States-Arizona-Scottsdale, United States-Arizona-PhoenixJob: Information TechnologySchedule: Full-timeShift: Day JobEmployee Status: RegularJob Type: StandardJob Level: ManagerTravel: Yes, 10 % of the TimeJob Posting: Feb 23, 2023

Keywords: Consumer Cellular, Scottsdale , Manager, Information Security Governance & Compliance, Executive , Scottsdale, Arizona