Business Title: Manager, Information Protection & Security – Audit & Compliance
Requisition #: USAHQ-869
Country: United States
State/Province: Georgia
City/Town: Atlanta
Position Type: Full Time - Regular
Field of Interest Category: Information Technology/Telecom
Shift:
Scheduled Work Hours:
Percent of Travel: 1-25%
Relocation: No
Language(s) Required: English - Read, English - Speak, English - Write

Job Description:
Job Summary
This position is responsible for the information protection risk, audit and compliance program of BCD Travel. The ideal candidate will implement and lead a risk-based audit program, maintain and direct the compliance program, liaise with external parties, mentor team members and conduct internal and external audits on BCD Travel's relevant entities. The incumbent will also identify and report on the effectiveness and efficiency of the risk, audit and compliance (RAC) program and the information protection controls in support of optimizing the overall security posture of BCD Travel.
The Information Protection & Security Audit and Compliance team is responsible for delivering all aspects of the audit process, including planning, performing risk assessments, identifying the controls used to manage risks, and developing and executing test plans to assess the adequacy and effectiveness of those controls. Additionally, the team is responsible for writing audit reports with observations and potential exposures/recommendations, assisting with the preparation of materials to present to the appropriate entities, and communicating effectively with all levels of employees.
RESPONSIBILITIES INCLUDE
Risk, Audit and Compliance (RAC) Responsibilities
• Develop, implement and manage a risk-based audit program in compliance with audit standards, guidelines and best practices.
• Plan specific audits to ensure that assets are protected and controlled.
• Function as the IT lead on SAS-70, PCI, EU Safe Harbor, General Computer Controls, and client audits.
• Assess controls and conduct audits in accordance with IS audit standards, guidelines and best practices to meet planned audit objectives.
• Meet with external auditors to review and formulate responses to audit findings.
• Communicate emerging issues, potential risks, and audit results to key stakeholders.
• Appraise and communicate control strengths and weaknesses with audit, IT management and business unit staff in order to plan an effective and efficient integrated audit approach and remediation plan.
• Advise on the implementation of risk management and control practices within the organization.
• Review and update relevant documentation to ensure control objectives are recorded and communicated.
• Manage and maintain internal and external information protection risk assessment initiatives.
• Implement and maintain PCI DSS and ISO registration.
Additional Responsibilities
• Allocate and manage staff as required to achieve results.
• Define appropriate frameworks for compliance initiatives.
• Assist with requests-for-proposals and Information Security responses for clients.
• Analyze reports from information security systems, including log consolidation, patch compliance, change control, vulnerability, IDS, and content management.
• Respond to Information Security support desk escalations and assist with resolution.
• Assist with incident response, including performing investigative follow-up, assigning responsibility for corrective action, and auditing for effective completion.
• Participate in security planning for future application system implementations.
• Stay current with industry trends relating to Information Security.
• Perform other Information Security projects / duties as needed.
MINIMUM QUALIFICATIONS
Transferable Skills (Competencies)
• Strong conceptual understanding of Information Security theory
• Strong working knowledge of risk management theory and practice
• Strong multi-tasking and analytical/troubleshooting skills
• Strong verbal and written communication skills
• Strong working experience in meeting with internal and external auditors, IT management, and clients to discuss and address security concerns
• Strong working experience of ISO 9001:2000, ISO 27001 requirements, and PCI DSS
• Strong working experience of SAS-70 audit requirements
• Strong working knowledge of Windows XP/2000/2003, Active Directory, and IT infrastructure security, audit, and control methods and concepts
• Working experience in troubleshooting information security-related problems and incidents
• Working knowledge of anti-virus systems, vulnerability management, and violation monitoring
• Working knowledge of AS400 security, audit, and control methods and concepts
• Working knowledge of SAP and PeopleSoft security, audit, and control methods and concepts
• Working knowledge of security architecture, including encryption, firewalls, and VPNs
• Working knowledge of COBIT requirements
• Working knowledge of US and EU Data Protection requirements, Safe Harbor, ITIL v3, General Computer Controls
• Basic knowledge of Linux security, audit, and control methods and concepts
• Intermediate programming and MS SQL and Oracle relational database knowledge helpful
• Proficient in the MS Office suite of products
• Professional, team-oriented
Qualifications
• Bachelor’s Degree (B.A.), or equivalent combination of education and experience in Information Security, Computer Science, Management Information Systems or a related curriculum
• Aptitude to prioritize and load-balance sensitive projects concurrently
• Strong organizational, time management, decision-making, and problem-solving skills
• Professional certifications from ISACA (CISA, CISM), (ISC)2 (CISSP), or SANS strongly preferred
• 5 years of relevant general Information Technology experience required
• Some server and network administration experience helpful
• Experience with any ISO registration strongly preferred
• Experience with PCI, SOX or SAS 70 audit strongly preferred
Physical Requirements
• Travel necessary at times
• Some light lifting required at times
Salary will be commensurate with experience. Please include salary requirements along with resume for consideration. No recruiters please.