Manager, Compliance - PCI & SDLC Governance Team

Sprint

Overland Park, KS

Industry: Telecommunications & Hardware
5 - 7 years

Posted 34 days ago

Job Summary

Administers compliance activities per corporate policies and procedures, including systems for addressing alleged violations of the sales program. Drives strategic and tactical initiatives aimed at increased levels of compliance for specific initiatives. Manages existing and potential fraudulent situations for the organization. Works closely with internal audit and other functional departments on training and improvement plans by monitoring programs. Builds new reporting to detect non-compliance in accordance with established M&Ps. Completes in-depth analysis of compliance results. Establishes and implements policies and procedures designed to identify and deter fraudulent situations. Reviews and researches new technologies and/or systems for various types of fraud. Responsible for ensuring effective remediation of non-compliant situations through the re-design of processes and testing of their effectiveness. Manages the activities of individual contributors with accountability for goals, objectives, and operational policies. May participate in the development of functional strategy.

The Cyber Security IT Compliance and Risk Management team is the audit and governance arm for Sprint's compliance efforts. We support Sprint's Federal and State Do Not Contact (DNC) regulatory requirements and the Payment Card Industry Data Security Standard (PCI DSS). Within Sprint's Information Technology lane, we manage Sarbanes-Oxley compliance and remediation activities for all IT-related Security Risk Assessments (SRA), Corporate Audit Services (CAS) findings and National Security Agreement (NSA) responsibilities. With our new alignment to the Cyber Security organization, we are expanding the depth and breadth of support for PCI, HIPAA, CPNI, and Privacy to include areas such as: API governance, Software Development Lifecycle security governance, risk management, vulnerability management, access control governance, New York DFS and California privacy law.

This specific manager position will lead the PCI & SDLC governance team and will be responsible for Sprint's PCI compliance, annual audit, control development and all related communication and training. He/She will support and manage security functions and processes related to Sprint's Software Development Lifecycle, including compliance and governance of all static, dynamic, integrated and mobile security testing (including software composition analysis and threat modeling), process development, tool standardization and management, and all related role-specific training.

The ideal candidate will also be a skilled communicator with executive presentation experience, along with the ability to manage morale and provide a fun and engaging work environment.

Basic Qualifications

• Bachelor's degree and eight years related work experience or twelve years related work experience post high school

• Five years' experience in compliance audits or relevant field operations experience

• Five years' experience developing compliance policies or relevant field operations experience

• Three years leadership, supervisory or management experience

Preferred Qualifications

  • Have or be able to obtain one or more of the following: PCIP, CIPP, PCI ISA/QSA, CISSP, CISA.
  • Familiarity with privacy regulations, control development and security standards (such as ISO 27001, NIST 800-53, 800-171) or Sprint Privacy and Security policies.
  • Previous experience with vendor management and audit, including QSA and ASV, security testing, scan methodologies and issue remediation management.
  • Previous experience managing a large scale PCI compliance and/or secure software development function.
  • Clear understanding of the Payment Card Industry Data Security Standard and related audit methodologies.
  • Experience working with other business functions such as IT, Office of Privacy, Legal, Marketing, Sales, Care, Corporate or Cyber Security.
  • Experience with large scale regulatory program implementation and governance initiatives.
  • Managing a diverse set of highly skilled professionals to meet regulatory mandates, including related projects, budgets and cross-functional teams.
  • Initiating proposals and managing contracts, contract deliverables and vendor engagements.
  • Engaging and aiding executive management to identify and resolve issues, manage scope and maintain compliance.
  • Ensuring the development and testing of controls designed to validate compliance and support external audits.
  • Regularly communicating with all levels of management, up to and including C-level executives, through various methods involving high-risk, time-sensitive and highly visible data and situations.
  • Supporting corporate sales organizations in responding to Requests for Proposals, security and compliance information requests and customer audits.