Manager, Information Security Governance & Compliance
Company: Consumer Cellular
Posted on: March 19, 2023
Manager, Information Security Governance & Compliance
(230107)Responsible for managing Consumer Cellular and IT
department Compliance and Governance program to include:
Information Security, PCI and ITGC / SOX controls, gap analysis,
maintenance, remediation and training on a compliance framework.
Own, coordinate, and execute the planning and performance of
regular control activities, while working directly with the
technical and business stakeholders, as well as internal and
external auditors, to identify appropriate risk factors, assess the
adequacy of existing controls and drive remediation of control
weaknesses to ensure compliance requirements are
- Build and manage the company's Information Security Compliance
programs, including PCI, SOC 2 and SOX, as well as other compliance
requirements as identified
- Lead the annual PCI compliance external audits
- Drive Compliance and Privacy Awareness and training efforts
throughout the organization
- Develop and maintain Information Security, Compliance, and
Privacy policies and standards.
- Oversee program and project management within Information
- Lead third-party assessments with external business partners
and across assigned services resulting in certifications and
attestations on time, within budget, while meeting key
- Work with process owners to develop and implement controls
which meet the control objectives
- Work with control owners to ensure testability of existing
controls and regularly validate that control activities are being
performed according to schedule.
- Oversee and drive remediation processes to address control
issues identified via security assessments or by auditors,
including tracking and managing remediation action plans in a
- Proactively identify existing and emerging IT risks that may be
of importance to the company's Executive Management and IT Steering
- Monitor processes and system configurations to ensure
compliance with internal policies and procedures. Assist in the
performance and organization of periodic access reviews
- Provide IT Management with status and performance reporting
related to information security, compliance risk and controls
- Assist in standardizing general controls across all
applications, including those managed outside of IT.
- Participate in the planning for disaster recovery and business
continuity management programs
- Develop KPI and KRI to manage team performance and key risk
that can impact organizational compliance and regulatory
- Lead IS projects and provide guidance/training to less
- Grow and develop IS GC team, as mandated
- Strong leadership, diplomatic and motivational skills including
the ability to lead up, across and down multiple business and
Preferred Qualifications and Experience:
- Bachelor's degree in Computer Science, Management Information
Systems or related technical field.
- Minimum of 6 years of experience in IT or IS Governance, Risk &
- Small team leadership experience, coaching, and performance
- Hands-on experience with managing third party compliance
assessments such as SOC 2, ISO 27001, and PCI-DSS
- Working knowledge and understanding of one or more compliance
obligation such as SOC 2, ISO 27001, PCI-DSS, NIST 800-53 as well
as Data Privacy Laws
- One of the following industry security certifications is
required: CISA, CISSP, or PCI-ISA
- Experience and knowledge with information security principles,
including risk assessment and management, threat and vulnerability
management, incident response, and identity and access management.
Technical proficiency with security-related systems and
applications, especially Firewalls, IDS/IPS, Vulnerability
Assessment tools, Endpoint solutions, Proxy servers, Security
Incident and Event Management Systems, Data
- Proficiency in IT Systems and understanding of Networking and
Computer Information Systems.
- Demonstrates accountability, leadership, and initiative in
complex projects, team building, and other tasks as assigned. Job
- Manage and lead one or more IS Governance and Compliance
- Excellent written and oral communication skills; ability to
communicate at all levels in the organization (with senior
management, with technical and business-oriented project staff,
with users and stakeholders).
- Ability to gain the confidence of the team as well as
Executive-level stakeholders by communicating regularly, keeping
commitments and delivering as promised.
- Ability to foster buy-in and cooperation through persuasion,
influence, and persistence.
- Strong time and project management skills required.
- Ability to work effectively independently
- Able to negotiate with peers and superiors to ensure the work
- Well-organized and capable of tracking, managing, and resolving
issues on multiple projects simultaneously.
- Self-motivated, professional, flexible, comfortable with
ambiguity in a diverse organizational environment.
- Continuous learner.
- Proficient skills and knowledge of servant leadership,
facilitation, situational awareness, conflict resolution, continual
improvement, empowerment, and increasing transparency.Primary
Location: United States-Arizona-ScottsdaleOther Locations: United
States-Arizona-Scottsdale, United States-Arizona-PhoenixJob:
Information TechnologySchedule: Full-timeShift: Day JobEmployee
Status: RegularJob Type: StandardJob Level: ManagerTravel: Yes, 10
% of the TimeJob Posting: Feb 23, 2023
Keywords: Consumer Cellular, Scottsdale , Manager, Information Security Governance & Compliance, Executive , Scottsdale, Arizona
Didn't find what you're looking for? Search again!
Loading more jobs...