Information Security Compliance Manager (Hybrid)

Heathrow, Florida, United States, North America | April 28, 2024

Summary:  

The Information Security Compliance Manager is responsible for the development, monitoring, and governance of a collection of best practices, known as cyber security quality standards, and regulatory compliance requirements, inclusive of a roadmap and programs. The Manager applies industry standard practices while formalizing programs that support the strategic, tactical, and operational security objectives of IT and the organization as a whole.

Duties and Responsibilities:

  • Enhance the information security program to ensure an enterprise-level framework defines, implements, and enforces policies, standards, and practices to protect information, resources, and the overall organization.
  • Lead information security and compliance actions to ensure AAA National Office and Clubs are in compliance with various standards, including but not limited to, the Cyber Security Quality Standard (TQS#5), Payment Card Industry Data Security Standard (PCI-DSS), California Consumer Privacy Act (CCPA), and other standards as required.  

  • Develop and execute security risk assessments and security audits based on industry frameworks such as NIST 800-53, NIST Cybersecurity Framework, ISO/IEC 27002, COBIT, and ISO 27001.

  • Enhance and deliver solutions for managing the risk of enterprise systems, applications, networks, and data through policies and controls, risk assessments, and exception management. 

  • Lead the identification, development, and maintenance of information security department reporting metrics and dashboards.  

  • Coordinate the planning and delivery of information security projects in collaboration with stakeholders and technologists and create a culture that manages information as an enterprise asset.  

  • Collaborate with Information Technology, Human Resources, and Legal departments to create, implement, and maintain security standards in accordance with policies, processes, and procedures that ensure security compliance. 

  • Identify, standardize, and report the governance of information and analytics in support of the enterprise’s security strategy and cyber security position. 

  • Perform other related duties, tasks, requests, and directives issued by management, as required.  

  • Attendance is required as approved by the Director. 

Requirements, Competencies and Certifications:  

  • One or more of the following industry certifications preferred: 

    • Certified Information Systems Security Professional (CISSP) 

    • Certified Information Security Manager (CISM) 

    • Certified Information Systems Auditor (CISA) 

    • Certified Information Privacy Professional (CIPP) 

    • Advanced degree or master's in computer systems or equivalent

  • Encourages and supports the success of others. 

  • Demonstrates an awareness of strengths, limits, and areas to improve. 

  • Openly shares and solicits ideas through dialogue; is clear about intentions. 

  • Uses time effectively; anticipates obstacles, adjusts priorities as needs change and keeps others informed of progress. 

  • Aligned with our commitment to inclusion across race, gender, age, religion, identity, and experience – a value that drives AAA forward every day.  

  • Strong written and oral communication.  

  • Strong time management and organizational skills. 

  • Excellent interpersonal skills; self-motivated and adaptable in a fast-paced, dynamic, deadline-driven environment.

  • Advanced understanding of risk concepts, including risk identification, mitigation, and measurement, primarily with NIST 800-53 standards, Payment Card Industry (PCI) Data Security Standards, and California Consumer Privacy Act (CCPA) or related concepts.

  • Strong understanding of audit methodology, privacy, and regulatory requirements pertaining to information security. 

  • Understanding of industry guidelines, laws, and privacy concepts including HIPAA, GDPR, and SSAE 18 Audit Standards.  

  • Experience in advanced technology, including cloud control requirements and threat management. 

  • Must be able to work in a collaborative team environment with individuals at appropriate levels of the Organization. 

  • Ability to lead continuous improvement concepts and to effectively incorporate those skills into day-to-day work. 

  • Effective negotiation skills. 

  • Good verbal and written communication, facilitation, and interpersonal skills. 

  • Project management experience highly preferred. 

Minimum Education & Experience:

  • Bachelor’s degree in Computer Science, Business Administration, or related field, and; 

  • A minimum of eight (8) to ten (10) years of experience in security compliance, enterprise risk management, security, or a related field, or; 

  • Associate’s degree in Computer Science, Business Administration, or a related field, and; 

  • A minimum of ten (10) to fifteen (15) years of experience in security compliance, enterprise risk management, security, or a related field. 

AAA National supports a flexible work environment for our associates. We are committed to collaboration, innovation and work-life balance, and offer a hybrid work model of three days in-office, and two days at home (or wherever you work best) each week.