The Security Audit & Compliance Manager will design and implement programs to ensure compliance with regulatory and contractual requirements and industry standards (including HIPAA and PCI) for Asurion, globally. Responsibilities include leading security-related technology audits to drive compliance and alignment of technology resources.
As part of our Trust Office team, you will work to ensure that our systems and services are designed, operated, and protected to maintain customer trust and regulatory compliance.
You will leverage your background in audit, security, risk, and compliance to evaluate and assess systems and services against Asurion policies and standards. You will partner with stakeholders across Asurion to execute a risk-based approach, identify compliance gaps, and act as a thought leader who recommends and leads risk mitigation strategies with cross-functional teams across Asurion.
You will work independently with the ability to prioritize workloads, remain flexible, and maintain a strong attention to detail in a fast-paced environment while supporting multiple, simultaneous programs.
Essential duties & responsibilities:
- Use your in-depth knowledge of regulatory compliance, IT security, and strong customer skills to act as the subject matter expert to internal technology and operations teams in a Trusted Advisor capacity to assist their understanding of the PCI requirements related to their applications.
- Achieve and maintain PCI Internal Security Assessor (ISA) certification.
- Conduct and complete PCI DSS assessments on behalf of the company to ensure the company’s ability to protect cardholder data.
- Lead regulatory remediation projects and risk mitigation efforts. Track and manage action plans for remediation of audit findings. Perform analysis and reporting of compliance gaps.
- Provide subject matter expertise related to PCI, HIPAA or client security requirements to internal technology and operations teams to ensure Company’s ability to maintain compliance when modifying or implementing applications involving sensitive data.
- Lead Asurion’s response to client audit requests and coordinate collection of audit artifacts.
- Work to improve audit efficiency by maintaining artifacts and information related to each audit and suggesting improvements to the means and methods of acquiring said artifacts and information.
- Monitor issues to provide assurance reporting of how Company is complying with specific country and industry regulatory requirements and the internal control framework in order to maintain a compliant, audit-ready posture.
- Coordinate and represent Asurion in negotiations with external auditors.
- Train audit participants in audit preparation and response.
- Perform other related duties as assigned.
Education and/or formal training:
- BS/BA in Computer Science or equivalent related education required.
- Must currently hold one or more of the following security certifications:
  - CISSP or CISM
- Must currently hold one or more of the following audit certifications:
  - CISA, GSNA, IRCA, ISMS Auditor, or Certified ISO 27001 Lead/Internal Auditor
- PCI QSA or ISA certification.
Knowledge, skills and abilities:
- 3 - 5+ years progressive experience in information security or technology audit, including experience with issue resolution and leading teams in a cross-functional setting.
- Experience in technology audit, risk analysis, and compliance testing.
- Good working knowledge of security regulations and industry best practices.
- In-depth knowledge of PCI DSS and demonstrated experience conducting PCI assessments.
- Experience leading global regulatory compliance efforts (e.g. HIPAA, PCI, SOX, Privacy).
- Experience evaluating the design and effectiveness of security controls.
- Knowledge of auditing frameworks and international standards, such as ISO 27001/27002, PCI DSS, HIPAA/HITRUST, NIST CSF, SSAE 18, COBIT and ITIL.
- Experience or familiarity with governance, risk and compliance (GRC) tools such as ServiceNow.
- Strong analytical and problem resolution skills. Exceptional business judgment, with the ability to think strategically and give practical advice by balancing business needs with risks.
- Broad and deep technical knowledge across multiple, diverse technical configurations, technologies and processing environments.
- Exceptional interpersonal skills in areas such as teamwork, collaboration, facilitation, negotiation, and persuasiveness.
- Excellent communication (oral, written, presentation) skills. Ability to communicate effectively at all levels of the organization.
- A practiced ability to influence peers, customers and project teams to make security-minded decisions and changes.
- Must be self-directed, organized and have excellent time management skills.
- Ability to work in a fast-paced, dynamic environment while maintaining high quality output and a positive working relationship with peers and management.
- Ability to operate under ambiguous circumstances, address uncomfortable issues, and leverage data to make informed decisions.
Other position considerations:
- Required to read and follow all company policies and procedures.
- Ability to handle proprietary and sensitive information in a confidential manner.
- While the schedule is generally a Monday through Friday daily schedule, this position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.
- May involve some travel.