Under general direction, responsible for implementing, monitoring and assessing the state of security controls designed to protect data system information. Will assist in evaluating, assessing, and monitoring the organization's compliance with applicable information security standards and frameworks, industry best-practices and guidelines, and applicable laws and regulations. Also responsible for conducting annual compliance audits, coordinating and maintaining the organization's information security program, and assisting in the implementation of security policy.
Essential Duties & Responsibilities:
- Document and coordinate all internal IT audits.
- Setup vulnerability scans and plan remediation.
- Interface with the NAB businesses and advise businesses of compliance and governance concerns.
- Manage third-party and auditing contracts.
- Administer internal governance tool.
- Coordinate training for employees and developers.
Education and Experience (required):
- Bachelor’s degree in Information Technology or related discipline, or equivalent experience.
- Minimum seven (7) years progressive experience in Payment Card Industry (PCI) audit and compliance.
- Minimum four (4) years’ experience in information technologyshared services.
- Experience with change management, continuous improvement and Lean principles.
Education and Experience (preferred):
- IT Security certification(s) in CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), and/or GIAC (Global Information Assurance Certification).
Knowledge, Skills & Abilities (required):
- Strong working knowledge of IT security regulations and/or standards: NIST 800-53/ Cybersecurity Framework, ISO 27001/2, HITRUST, CIS Benchmarks, and PCI DSS.
- Strong understanding of IT governance controls, including working knowledge of GRC tools.
- Strong analytical and decision making skills, including the ability to prioritize and work on multiple projects under time constraints.
- Must understand the current securitythreats model and demonstrate a strong willingness to stay at the forefront of security developments.
- Ability to work independently as well as in a team environment, including multi-level staff and external partners.
- Excellent interpersonal and communication skills (written and verbal).