Location: San Jose, CA
Duration: One Year
We are looking for a highly talented Information Technology Compliance Professional to assist Client with meeting US and international public and private regulatory requirements. This person will perform the following functions:
- Work with internal and external auditors and regulators to evaluate compliance with external and internal policies, standards and regulatory requirements.
- Analyze regulatory developments and recommend integration into the organization's policies and standards.
- Interpret requirements to ensure appropriate definition of controls.
- Evaluate the design and effectiveness of technology controls throughout the business cycle, and identify opportunities for more efficient and effective controls
- Monitor and perform controls testing, issue management, findings remediation, and assist in correcting deficiencies.
- Lead the innovation and continuous improvement of IT internal control framework, including the integration of multiple compliance requirements.
- Communicate controls, policies, standards, and compliance requirements to business and IT staff.
- Provide periodic compliance status reporting to multiple stakeholders within the organization.
- Ability to track and execute numerous parallel activities, work efficiently and independently with some supervision (i.e., self-motivated and willing to stretch to meet important deadlines)
- Work in a fast-paced, dynamic environment, embrace change, build and maintain constructive working relationships with a diverse community (in and outside of technology)
- Communicate effectively, both in writing and verbally, to influence both technical and non-technical audiences
- Passion for technology, information security, and how Client protects customer information
- Does not bring a check-the-box mentality to security
- Bachelor’s degree required, graduate degree a plus
- Minimum of 3+ years of information security, risk management and controls testing/monitoring experience
- Experience conducting audits in accordance with the Sarbanes Oxley Act (SOX), SSAE16, AT101, PCI-DSS or any other regulatory obligations or industry standards
- Understanding of information security and risk management frameworks such as COBIT, ISO17799/2700x, NIST, FIPS or COSO.
- Industry certifications in the areas of Information Security/Systems are preferred – CISSP, CISA, CISM, CGEIT, ISA/QSA
- Technology background with familiarity in at least two of the following: distributed systems (Linux, Solaris, Windows), databases, networks (LAN/WAN technologies, firewalls, routers, load-balancers), web development, mobile, etc.
- Working knowledge of the financial industry and the lifecycle of payment card transactions.