General Role Description
The Senior Compliance Manager leads major IT security & compliance certification programs for Synchronoss Global Information Security (GIS), including both PCI DSS and SOX ITGC. The role partners with business and IT leaders across all lines of business and functional areas to define appropriate certification objectives, and leads execution of audit, assessment, and testing activities to achieve and maintain compliance. The role is expected to provide a deep understanding of evolving industry and regulatory compliance requirements, enabling Synchronoss to establish a competitive advantage in the marketplace by selecting and executing high-value, cost-effective IT and information security certification programs.
Specific Job Responsibilities
- Lead execution of major IT and information security compliance certification programs.
- Collaborate with business and IT leadership to identify certification goals that best advance product strategy and business objectives.
- Provide direct oversight of third-party audit partners, ensuring successful program execution and high-quality deliverables.
- Guide internal stakeholders to fully understand control requirements and to prepare for audit and testing activities.
- Drive appropriate follow-up to certification results, providing remediation advice and leading implementation of appropriate remediation activities.
- Provide guidance in identifying appropriate technical and process solutions to meet evolving compliance and security requirements.
- Establish and lead a GIS internal audit program to ensure ongoing compliance with the Synchronoss IT and security controls framework as well as external certification standards.
- Define and manage an internal audit plan and schedule that ensures effective management of risks related to IT, information security and data privacy in identified key business and technology areas.
- Lead execution of internal audits, document audit results, and communicate findings and recommendations to business leadership.
- Guide business stakeholders in defining and implementing technical and process improvements and/or remediation plans based on internal audit results.
- Lead additional audit and compliance activities aligned to customer, product, and business requirements, as appropriate.
- 5+ years of experience leading audit and testing related to financial systems and reporting, including Sarbanes-Oxley (SOX) compliance, testing of IT controls, and substantive testing of transactions.
- 5+ years of experience leading PCI certification auditing using PCI DSS v3.1 and v3.2, including strong understanding of assessment process, compliance requirements, and controls applied to both business processes and IT systems.
- Familiarity with other information security standards applicable to managing cloud-hosted applications and shared-service environments is a plus, such as ISO27001, HIPAA, HITECH, HITRUST, and FedRAMP.
- Working knowledge of technologies and solutions offered by industry for related process and technical controls.
- Hands-on experience in financial and/or information security auditing desired; CISA, CIA, or related certifications are a plus.
- Excellent verbal and written communication and presentation skills. Must have the ability to communicate effectively with external customers, auditors, suppliers, internal stakeholders, and executive management in both formal and informal situations.
Job Code DJOB