Security Risk and Compliance Management Specialist III
United States - Remote • North America • April 27, 2024
Job Summary: Acts as an advocate in the development of the overall information security program globally. Creates and performs global IT Risk and Compliance assessments. Assists in the development and execution of information security, compliance, and risk best practices globally through audits, assessments, and policymaking.
Work Location: Remote
Key Responsibilities:
- Assists in annual audits for industry specific reports, including ISO 27001, ISO 9001, ISO 14001, ISO 18001, IRAP-AUS, Cyber Essentials+, NHS-DSO, SOC1, SOC2, SOC3, PCI, HIPAA, HiTrust, CyberGRX.
- Ensure documents, projects, process, and product initiatives comply with regulatory and legal requirements and enterprise policy.
- Provide data and analytics in support of the risk officer and risk committees.
- Develop and recommend compliance solutions impacting the enterprise.
- Develop Risk Assessment process, charters, policies, methodologies, and reports.
- Participate in cross-functional workgroups, communication strategies, and planning meetings to develop solutions that meet the objectives of both the business and the IT Risk, Compliance, and Information Security team.
- Coordinate and respond to regulatory requirements and requests and ensure the execution of examinations.
- Conduct IT Risk and Information Security due diligence activities relative to vendors and third parties.
- Conduct risk assessments and document findings where a deviation from an information security or IT Risk policy or standard is desired.
- Ensure risk remediation plans meet key business objectives and partner with business owners to follow through with corrective action steps.
- Provide guidance on areas of security, privacy and regulatory compliance to Sales, Marketing, Product Development, Legal and Policy teams.
- Conduct analysis of risk rating and risk appetite, and provide data-driven summaries to business leaders.
- Update internal control matrices where necessary to support annual changing environments.
- Act as the conduit between internal control owners and external auditors, including kickoff meetings, interview requests, closing meetings, and evidence gathering.
- Execute internal customer audits which include scheduling, presentation of the Rackspace compliance portfolio, and overseeing the successful visit in conjunction with Account Managers.
Qualifications:
- At least five years of related experience
- Bachelor’s degree in Computer Science, Computer Studies, Information Technology, Information Security or a related field.
- Prefer CISSP.
- Advanced knowledge gained through an IT Risk Management, Governance, Risk and Compliance, Information Security, Data Privacy, Vendor Management, and/or Business Continuity Management role in a global organization, professional services/consulting firm, or within a related industry.
- Understanding of Network Security, Data Center operations, build pipeline, and cloud infrastructure security.
- Deep understanding of Cloud Computing technologies and migration challenges.
- Ability to implement security controls and SCTMs; technology/software sales, consulting, or equivalent skills.
- Ability to apply knowledge of vulnerability management, risk management assessment, and IA policy and procedures to develop, implement, and maintain a secure business environment.