|Title:||Information Security Assurance|
Position: Associate Director Global Information Security Assurance
Location: Columbus, GA
Salary: $101,178–$170,340 / yr
Summary of This Role
Develops and leads a team of information security assurance specialists. Performs and assists in development of enterprise information security assurance functions through the use of global assurance services, strategies and solutions. Provides technical guidance on information security policies, procedures, technologies and compliance-related activities as a technical advisor and business partner. Works with key stakeholders at multiple levels in order to identify and align business and Information Security objectives, discover pain points, provide recommendations, and recognize current and future security needs. Determines risk and exposure from security breaches and resolves incidents while providing guidance to business decision-makers.
What Part Will You Play?
1. Directly leads five or more supervisors, managers, higher level professional/technical team members, or lower to mid-level senior professionals. Exercises full supervision in terms of staffing, work and
performance management, salary decisions, training and development, and disciplinary issues.
2. Collaborates with senior executive leadership to build mutually beneficial relationships, understand company \ business segment \ department strategy. Aligns segment business unit and Information Security (IS) goals and objectives, facilitating understanding, planning, and communication between IS functions and the business unit. Demonstrates broad knowledge and understanding of information security and business needs by identifying and engaging appropriate IS support teams to mitigate risk.
3. Mitigates risk associated with third party vendors and internal application / processes. Leads internal security and high level (internal category one / two) vendor security reviews; initial and periodic information security reviews, technical assessments, contract reviews with IS clauses, and participates in associated quarterly business reviews. Provides oversight and reports on risk management program to leadership for remediation of findings and evaluates solutions to reduce residual risk.
4. Gains credibility by providing expert solutions to trends and topics that influence information security in the payments industry. Identifies new and emerging threats that affect information assets, collaborates with Architecture & Engineering teams on third party software/solutions, IT configuration changes (including access control requests), and network/system architecture from a risk perspective, and provides appropriate direction. Develops education & awareness programs tailored for business segments. Promotes the corporate security policy and procedures in alignment with senior leadership.
5.Leads information security incident response, investigation, resolution and closure of incident response processes. Consults on incident handling process which includes implementation of containment, protection and remediation activities. Collaborates with Threat Management Center on responses to known and emerging threats against the network. Partners in the after action reviews of security incidents for process improvement. Provides support for forensic and incident security investigations in accordance with the incident response plan. Facilitates client communications relating to incidents and updates senior management on incident status.
6.Reviews business requests to determine level of risk acceptance to mitigate impact. Informs management of security policy variances.
7.Not an exhaustive list; other duties as assigned
What Are We Looking For in This Role?
Minimum 10+ years relevant experience. Minimum of 3-4 years of experience in a supervisory position. Knowledge of industry standard security compliance programs PCI (Payment Card Industry), FFIEC (Federal Financial Institutions Examination Council), SOX(Sarbanes-Oxley), GLBA(Gramm Leach Bliley Act), and HIPAA (Health Insurance Portability and Accountability Act).
• Bachelor's Degree
• Relevant Experience or Degree in: Information Security or Computer Science preferred. Other majors will be considered.
• related professional experience including a minimum of 3-4 years experience in a supervisory position.
• One or more of the following-CISSP, CISA, CISM, PCI-QSA, PA-QSA, PCIP, CRISC, CGEIT, Certified Forensic Computer Examiner (CFCE), Certified Cyber Threat Analyst (CCTA), Certified Computer Examiner (CCE)
• Prior TSYS, payment or technology industry experience is preferred.
• Master's Degree in a related field of study from an accredited university.
Apply to Job