INFOSEC Compliance Specialist

The Ideal Candidate

Accurate and succinct written and verbal communication skills are essential. Plus, you can manage in a high-pressure environment with multiple stakeholder requests. You will use your compliance expertise to assist commercial teams to complete compliance spreadsheets, periodic reviews and answer questions from customers and partners. You will gather compliance information from our current policies, procedures, and processes, along with evidence that you need to address specific risk areas raised by customers. You will need to understand and articulate how a certain control addresses concerns by the customer.

The Role

In this role, you will work in our global compliance team to measure and improve our compliance readiness.  With a focus on US markets, you will manage and respond to risk and compliance assessments required from Entersekt by our US customers and other global partners. Your success depends on responding timeously to customer request on assessments, such as /RFQ/DPQ/DPA/TPRM, and ensuring that our global compliance posture is represented accurately to our customers and prospects. Another important part of your role entails leading discussions on risk and compliance with the commercial team during detailed customer review sessions in collaboration with pre-sales and sales directors.

Responsibilities

• Lead the compliance response process for all customers in North America as well as their periodic compliance reviews.
• Work closely with pre-sales and the commercial teams to provide reusable content for the completion of RFP’s and attend customer meetings to address and clarify compliance items.
• Develop and maintain an up-to-date repository of compliance material to be used in commercial negotiations and compliance reviews.
• Support and review customer and vendor contracts to understand and communicate compliance requirements.
• Monitor investigations and documentation of cybersecurity compliance issues and incidents.
• Review information security risk findings and non-compliance with business leaders and propose solutions to mitigate risks.
• Contribute to Entersekt’s security content development, maintenance, and maturity.
• Implement and monitor information security operational requirements and information security design criteria and templates.
• Participate in actions, procedures and dress rehearsals related to the prevention and resolution of security breaches, and ensure incident and problem management processes are initiated.
• Assist with baseline security reviews and monitor operational security activities according to the policy.
• Develop, scope, and discuss security service audit and review schedules and perform the required access controls and penetration testing to identify security weaknesses.

Skills and Experience

Successful candidates for this role will generally possess the following qualifications and skills:

• Relevant knowledge of information security management, best practices and policies in the US financial sector.
• Sound understanding of security operational processes and controls.
• Maintain up-to-date knowledge of security threats, countermeasures, security tools, and network technologies.
• Relevant knowledge of technological advances within the information security arena.
• Good interpersonal and consultation skills with the ability to map business needs to technology solutions.

• Ability to discuss and report technology and information security risk with non-technical and executive business stakeholders.

  • Good project management skills.
  • Analytical thinking and a proactive approach.
  • Team player with the ability to display consistent client focus and orientation.
  • Ability to develop, define and articulate ISM and compliance strategies.
  • Good interpersonal skills with the ability to develop strong business relationships.

• Demonstrable experience within the Compliance and Information Security Industry, specifically with standards such as SOC-2, ISO27001, PCI-DSS and US Data Privacy legislation.
• Security certifications – ISO27001 Lead Auditor; CISA, CRISC or equivalent.
• Relevant Bachelor’s degree in Computer Science or equivalent.

Personality Attributes

• Ability to work under pressure and prioritize business needs.
• Effective communication skills – you will need to translate the compliance risks to customers and internal stakeholders.
• Pro-active and pre-emptive approach and communication
• Self-motivated
• Excellent project management skills.