CGT Staffing Information Security - Compliance Manager in Pittsburgh, Pennsylvania

Information Security Compliance Manager

Direct Hire

Hybrid Schedule

Qualifications:

  • Bachelor's degree in information technology, computer science, or a related field.
  • 5 years minimum experience
  • Relevant certifications such as CISA, CISSP or CRISC
  • Experience in conducting compliance assessments and audits.
  • Experience in IT compliance, risk management, or related roles.
  • Expertise in IT processes, controls, and security best practices.
  • Solid understanding of IT compliance frameworks, regulations, and industry standards such as GDPR, HIPAA, COBIT, ITIL, PCI-DSS, ISO 27001, and NIST Cybersecurity Framework.
  • Strong understanding of security controls and their implementation across different IT domains.
  • Familiarity with vulnerability management, access management, change management, and incident response processes.
  • Proficiency in risk assessment methodologies and tools.
  • Knowledge of secure coding practices and application security concepts.
  • Understanding of network security architecture, protocols, and configurations.
  • Familiarity with cloud security concepts and technologies.
  • Understanding of encryption technologies and cryptographic protocols.
  • Experience using compliance management and GRC (Governance, Risk, and Compliance) tools.
  • Ability to analyze complex compliance issues, assess risks, and provide effective solutions.

Primary Responsibilities:

  • Provide leadership to the information security team, setting clear goals, expectations, and performance standards.
  • Provide ongoing training and professional development.
  • Conduct regular performance evaluations, provide constructive feedback, and recognize outstanding contributions.
  • Address performance issues promptly and fairly, implementing corrective actions as needed to maintain a high-performing team.
  • Promote knowledge sharing and collaboration within the information security team and across the organization.
  • Facilitate the exchange of best practices, lessons learned, and emerging trends in cybersecurity to enhance overall security posture.
  • Recruit, onboard, mentor, and train new members of the information security team, ensuring they have the necessary skills and knowledge to excel in their roles.
  • Develop and implement succession plans to ensure continuity of leadership and talent within the information security team.
  • Identify high-potential team members and provide opportunities for career advancement and leadership development.

Compliance Program Development:

  • Lead the development and implementation of the IT compliance program, including policies, procedures, and controls.
  • Stay current on relevant laws, regulations, and industry standards. Provide informed recommendations to ensure ongoing compliance.
  • Collaborate with stakeholders to identify compliance requirements and integrate them into IT processes and systems.

Compliance Assessments and Audits:

  • Conduct regular (at least annual) internal assessments and audits to evaluate IT systems, processes, and controls for compliance with regulatory requirements and internal policies.
  • Manage and continually improve the organization's response to external audits and assessments, ensuring timely and accurate responses to audit requests.
  • Develop standardized responses to external information security audit, assessment, and due diligence questionnaires and requests, ensuring efficient and timely responses to external stakeholders.
  • Develop, organize, and maintain the documentation and other assets required to demonstrate control implementation and effectiveness on an ongoing basis. Collaborate with internal stakeholders as needed to support this activity.
  • Identify control deficiencies, recommend remediation actions, and monitor the implementation of corrective measures.

Policy and Procedure Development:

  • Collaborating with relevant stakeholders, contribute to the development and maintenance of IT policies and procedures, ensuring they align with regulatory requirements and industry best practices.
  • Communicate IT security policies and procedures to employees to promote awareness and compliance.
  • Regularly review and update policies and procedures to reflect changes in regulations or business requirements, ensuring they remain up-to-date and relevant.

Third-Party Risk Management:

  • Ensure compliance of third-party suppliers with applicable regulations and information security standards.
  • Conduct due diligence assessments and ongoing monitoring of third-party compliance.
  • Oversee team that will establish processes for monitoring and addressing non-compliance or security incidents involving third parties.
  • Assess and manage the risks associated with third-party relationships, including information security risks and data privacy risks.
  • Collaborate with procurement and legal teams to ensure compliance requirements are incorporated into vendor contracts and service level agreements.

Compliance Monitoring and Reporting:

  • Oversee team that will establish processes to track compliance with IT policies, standards, and controls.
  • Provide updates to senior management on the organization's compliance posture and remediation efforts. Communicate areas of non-compliance, potential risks, and recommended actions.

Compliance Training and Awareness:

  • Oversee team to help develop and deliver IT compliance training programs to educate employees on regulatory requirements, industry standards, and best practices.
  • Stay informed about emerging compliance trends and technologies and provide recommendations for continuous improvement.
  • Promote a culture of compliance and security across the organization.
  • Provide guidance to business units on compliance-related matters.

IT Controls Assessment and Risk Management:

  • Evaluate the design and effectiveness of IT controls to mitigate risks and ensure compliance.
  • Assist in the development and implementation of risk management frameworks and methodologies.
  • Collaborate with IT teams to identify and remediate control gaps or weaknesses.