Listing Description
We are looking to hire an accomplished IT Security Compliance Manager to join the Blackhawk Network Global Information Security team reporting into the Sr. Director of IT Security Compliance. This position will serve as a subject matter expert on information security and compliance initiatives. A qualified candidate will have deep experience with the assessment, implementation, management and documentation of a broad set of information security controls and processes within hosted and cloud environments. This candidate will work with internal and external stakeholders to implement and manage a strong integrated security posture in addition to serving as a consultant to the business on IT controls design.
Qualifications:
5+ years of experience with IT Security Compliance within the Information Technology or Financial Services industry with experience in managing governance, risk, and compliance efforts of relevant domestic and international security frameworks, standards and best practices such as ISO 27001, COBIT, NIST Cybersecurity, PCI DSS, GDPR
2+ years of experience in ISO27005, ISO31000, and/or other risk management frameworks to proactively identify and remediate IT security risks
Excellent time management and organization skills with an aptitude towards creative problem solving
Established track record of competency in the field of information security with direct experience in a significant compliance role
Highly developed oral and written communication skills; strong presentation skills
Excellent technical communication and analytical skills; ability to simplify and report on complex technical functions and risks to senior leaders
Education/Certifications
Bachelor’s degree in Business/Computer Science or equivalent
Certification in one or more of an industry recognized certification related to information security or IT compliance such as CISA, CRISC, CRMA, CISSP, PCI DSS QSA, CTGA
Blackhawk Network is an Equal Opportunity Employer. Blackhawk Network believes that diversity leads to strength.Manage the development, maintenance, communication, and enforcement of information security policies, standards and procedures with the Global Information Security Governance Risk and Compliance team
Manage and conduct technical audits, certifications, and other compliance efforts including ISO 27001, PCI DSS, CSA STAR, SOX, and SSAE-16
Manage ongoing governance activities related to key vendors including: service provider audits, risk and IT security reviews, issue resolution, and performance management
Perform information risk assessments, ensure documented evidence supporting control objectives is complete and accurate, identify and document control gaps
Partner with management and the broader technology teams ensure gap remediation action plans are constructed and completed in a timely manner
Effectively track documented control gaps and remediation plans to ensure timely remediation
Drive Information Security Management System Steering Committee meetings with senior security and technology management
Coordinate with multiple business teams to incorporate appropriate security requirements at appropriate points in new development efforts
Partner with business stakeholders to assess IT terms in third party contracts, RFPs and SOWs, and incorporate appropriate information security terms in new business agreements
Handle multiple competing priorities in a fast-paced environment
Research and understand emerging information security threats, vulnerabilities and their countermeasures and advise business and management accordingly
Listing Details
- Citizenship: No Requirements
- Incentives: Not Provided
- Education: Bachelors Degree
- Travel: No Travel
- Telework: No Telecommute