IT Security Compliance Manager

BlackHawk Network

Pleasanton, CA

Industry: Networks

5 - 7 years

Posted 273 days ago

This job is no longer available.

We are looking to hire an accomplished IT Security Compliance Manager to join the Blackhawk Network Global Information Security team reporting into the Sr. Director of IT Security Compliance. This position will serve as a subject matter expert on information security and compliance initiatives. A qualified candidate will have deep experience with the assessment, implementation, management and documentation of a broad set of information security controls and processes within hosted and cloud environments. This candidate will work with internal and external stakeholders to implement and manage a strong integrated security posture in addition to serving as a consultant to the business on IT controls design.

Responsibilities:

  • Manage the development, maintenance, communication, and enforcement of information security policies, standards and procedures with the Global Information Security Governance Risk and Compliance team
  • Manage and conduct technical audits, certifications, and other compliance efforts including ISO 27001, PCI DSS, CSA STAR, SOX, and SSAE-16
  • Manage ongoing governance activities related to key vendors including: service provider audits, risk and IT security reviews, issue resolution, and performance management
  • Perform information risk assessments, ensure documented evidence supporting control objectives is complete and accurate, and identify and document control gaps
  • Partner with management and the broader technology teams to ensure gap remediation action plans are constructed and completed in a timely manner
  • Effectively track documented control gaps and remediation plans to ensure timely remediation
  • Drive Information Security Management System Steering Committee meetings with senior security and technology management
  • Coordinate with multiple business teams to incorporate appropriate security requirements at appropriate points in new development efforts
  • Partner with business stakeholders to assess IT terms in third party contracts, RFPs and SOWs, and incorporate appropriate information security terms in new business agreements
  • Handle multiple competing priorities in a fast-paced environment
  • Research and understand emerging information security threats, vulnerabilities and their countermeasures and advise business and management accordingly

Qualifications:

  • 5+ years of experience with IT Security Compliance within the Information Technology or Financial Services industry with experience in managing governance, risk, and compliance efforts of relevant domestic and international security frameworks, standards and best practices such as ISO 27001, COBIT, NIST Cybersecurity, PCI DSS, GDPR
  • 2+ years of experience in ISO 27005, ISO 31000, and/or other risk management frameworks to proactively identify and remediate IT security risks
  • Excellent time management and organization skills with an aptitude towards creative problem solving
  • Established track record of competency in the field of information security with direct experience in a significant compliance role
  • Highly developed oral and written communication skills; strong presentation skills
  • Excellent technical communication and analytical skills; ability to simplify and report on complex technical functions and risks to senior leaders

Education/Certifications

  • Bachelor’s degree in Business/Computer Science or equivalent
  • One or more industry-recognized certifications related to information security or IT compliance, such as CISA, CRISC, CRMA, CISSP, PCI DSS QSA, CTGA

Blackhawk Network is an Equal Opportunity Employer. Blackhawk Network believes that diversity leads to strength.

2018-8558