In this role of Information Security Officer you will be responsible for:
- Proactively identifying and mitigating IT risks, responding to observations identified by third-party auditors or examiners, and assisting in the development of periodic reports and dashboards presenting the level of controls compliance and current IT risk posture.
- PCI-DSS 4.0 compliance (Level 1) company-wide.
- Educating technical and non-technical team members across the company on security matters.
- Regularly auditing all IT-provided internal services, including but not limited to hardware (computers, storage, and network equipment).
- Assisting Company managers and staff with external audits and facilitating management response and remediation efforts. Ensuring overall compliance with regulatory requirements through proactive planning and communication, ownership and relationships.
- Coordinating the continuous development, implementation, and updating of security and privacy policies, standards, guidelines, baselines, processes and procedures in compliance with local, state, and federal regulations and standards for information systems.
- Developing and managing the frameworks, processes, tools and consultancy necessary for the organization to properly manage risk and to make risk-based decisions related to IT activities.
- Broadening and deepening knowledge of the business and technology environment with respect to the delivery of projects, strategic initiatives, and systems portfolio to effectively assist IT managers and staff with risk and compliance management.
- Facilitating information systems security management education and training in regulatory and industry standards for all employees.
- Remaining current on applicable international laws and regulations that may impact the Company.
To be successful in this role of Information Security Officer you will need the following experience and qualifications:
- A Bachelor’s degree or equivalent in Computer Information Systems, Management Information Systems, or Computer Science.
- A minimum of 5 years of work experience with a similar type of work.
- Previous experience as a PCI Internal Security Assessor (ISA) or Qualified Security Assessor (QSA), or demonstrated experience performing such analysis and tasks for an organization.
- Experience in risk, compliance and information security policy development.
- Knowledge and understanding of corporate/industry information security, governance, risk and compliance practices and standards.
- Knowledge of laws and regulations including but not limited to: CCA, GDPR and PCI-DSS 4.0.
- Excellent organizational and communication skills (both oral and written).
- Strong interpersonal skills and the ability to effectively communicate with a wide range of individuals and constituencies in a diverse community.
- Excellent knowledge of Internet security, including Internet architecture, protocols, and applications.
- Excellent problem-solving and analytical skills, and exceptional attention to detail.
- Fluent in English.