Compliance Officer Job at Zyston LLC

Zyston LLC Roswell, GA

$150,000 a year

Zyston’s client has requested we manage the search and hire effort for a Leader of Vendor Risk Management to join their team.


KEY SKILLS:


  • The successful candidate WILL have extensive PCI DSS experience as an SME
  • The successful candidate WILL have strong IT controls experience
  • The successful candidate WILL have hands-on leadership experience
  • The successful candidate WILL have IT audit experience and a strong understanding of SOX

Required Aspects:


The Information Security Compliance Manager is responsible for leading the company’s various audit programs that affect the Technology Services area. The Information Security Compliance Manager owns the PCI audit program and supports the company’s Internal Audit and SOX audits. The Information Security Compliance Manager is also responsible for cybersecurity training and phishing campaigns.


Responsibilities/Essential Functions:


  • Lead the company’s PCI audit program: conduct readiness assessments ahead of external audits, or self-assessments where required
  • Collaborate with control/business owners to request the Technology Services evidence documentation needed to support SOX audits
  • Collaborate with Technology Services control/business owners in support of any internal audit requests
  • Perform ongoing controls testing and assist control owners with remediation
  • Monitor, track, and report on the progress of remediation actions
  • Coordinate with Internal Audit on all financial and corporate-wide audits
  • Coordinate and manage external auditors, as needed
  • Run the third-party (vendor) risk management program
  • Own the company’s cybersecurity training program
  • Help develop and improve third-party oversight initiatives
  • Own the company’s risk assessment program
  • Lead tabletop exercises
  • Conduct initial and ongoing vendor due diligence and risk assessments in accordance with company policies and procedures
  • Participate in meetings designed to build an understanding of existing business processes and workflows
  • Maintain knowledge of overall business issues and objectives, and understand the company structure and functional responsibilities
  • Provide project support for various initiatives, as needed
  • Support efforts to create a common control framework and a uniform compliance program
  • Assist with preparing reports for management and control owners on the effectiveness of their control environment
  • Assist with documenting, modifying, and publishing compliance-related SOPs and policies
  • All other duties, as assigned

Knowledge/Skills/Abilities:


  • Proven ability to prioritize, organize, and multi-task in a highly detail-oriented environment
  • Proven ability to manage tasks fully from inception to completion
  • Proven self-starter who works well in a team
  • Expert in MS Office 365 productivity tools, including MS Teams
  • Expert spoken and written communication
  • Familiarity with compliance standards and frameworks (ISO 27001, PCI DSS, SOX, SOC 1/SOC 2 reporting)

Working Environment/Safety Requirements:


  • Ability and willingness to handle work-related issues at any hour of the day, any day of the week, understanding the organization’s requirement for 24/7 production support
  • Ability, willingness, and flexibility to travel as needed for approved work purposes in accordance with project and management schedules
  • Be legally able to work in the United States: U.S. Citizen or Legal Resident
  • Be legally able to travel to Canada and Mexico

Experience/Qualifications:


  • Bachelor’s degree in information security, information technology, accounting, or a related field, or equivalent experience
  • 7+ years of hands-on experience as a compliance manager, including information security compliance and risk management work with broad exposure to IT security audit planning, audit methodologies, risk management methodologies, and contract reviews
  • Proven experience working in a global organization with diverse cultural considerations and time zones
  • Expertise in establishing information security risk management, governance, compliance, and audit programs from scratch across regions and business units, and bringing them to maturity over the following 18-24 months
  • Proven track record of managing and implementing information security governance, risk, and compliance programs using industry-leading solutions such as RSA Archer
  • Expert-level knowledge of industry standards and best practices such as SOC 2 Type II, ISO/IEC 27001 certification, SOX, ITGC, and PCI DSS
  • Excellent business communication skills
  • Ability to work autonomously or as part of a team, within targets and deadlines

License Requirements/Certifications:


PCI QSA certification (PCI DSS v4.0) – Required

CISA Certification – Strongly Preferred



