As IT Security Compliance Associate Manager, you will ensure proper oversight of and compliance against the internal IT standards as well as legal and regulatory policies with which the organization is required to comply. This role will form part of a team responsible for defining, implementing and maintaining the approach for IT compliance including periodic assessments, reporting and governance.
IT Security Compliance Associate Manager
- Assist in the development, implementation, monitoring and reporting of the IT compliance framework.
- Run periodic assessments for compliance against the IT standards.
- Perform compliance reviews of IT systems, services and processes (including 3rd parties), to identify non-compliance risk, weaknesses in controls and opportunities to enhance operational efficiencies.
- Assist in the development, implementation and monitoring of reporting mechanisms for IT compliance, to support governance and highlight areas of exposure.
- Assist in the execution of vendor compliance reviews, including the assessment and treatment of risks that may result from partners, consultants and other service providers.
- Business & IT stakeholders
- Wider IT & Security team
- IT & Security Governance Committee/Forum
- Risk and Audit Committees
- External auditors & 3rd Party Vendors
SKILLS AND ATTRIBUTES:
- University degree in technology or a related discipline
- Professional certification in IT and Security preferred – e.g. CISA or CISM
- 3 or more years of progressive information security, IT or architecture experience
- A basic working knowledge of methods and best practice in IT compliance, risk management and IT Security.
- Understanding of industry security standards and frameworks such as ISO, ITIL, COBIT, SOx and PCI.
- Experience with reporting tools (advanced Excel), with strong attention to detail.
- Experience of working in a complex geographical/functional matrix organization
- Skills in relationship management and influencing at all levels of the organization
OTHER ATTRIBUTES:
- Knowledge of industry security, risk management and assessment methodologies and standards and applying them in a large enterprise environment - e.g. ISO 27000 series, NIST, OWASP, PCI DSS
- Good understanding of current and emerging IT and security technologies, security threats and trends
- Exposure and demonstrable experience in at least one discipline; e.g. Microsoft, Oracle, Cisco, SAP
- Excellent written and communication skills including experience with non-technical audiences