*The opportunity*:
Position summary
*Primary responsibilities*:
- Ensure regional compliance with global IT security policy, standards and requirements
- Report regional information security status to global IT security
- Risk management and prioritization based on global, regional and country needs
- Help ensure compliance with local laws and regulations pertinent to IT security
- Manage and assist in collaborating with global and local personnel on incident response, breach prevention and digital forensics
- Delivery of information security projects for the region
- Ensure and improve IT security awareness among local employees
- Management and development of metrics to provide visibility of compliance
- Develop formal metrics and KPIs to help give relevant management insight into the management and control of the function and its progress
- Train and develop teams on processes and capabilities and ensure processes are properly documented from end to end, including involvement of other teams and functions
- Resolve problems independently and understand, define and/or refine escalation processes and procedures
Education and experience
- Bachelor's degree in information technology, information security/assurance, engineering or related field of study preferred; at least six years of related experience and/or training (in addition to experience requirements below); or equivalent combination of education and experience preferred
- Strong interest in technology and a desire to learn and grow in the applicable technology fields is required. Skills and knowledge must be kept current, including ongoing active pursuit of certifications
- Experience managing personnel in a global environment preferred
- Experience developing and implementing information security strategies in a global organization
- Strong communication and management skills and experience working in a global matrixed environment preferred
- Strong experience managing a team and interacting with various teams in order to socialize and gain agreement on execution of necessary activities
- Practical expertise with TCP/IP networking required
- Requires taking responsibility for the interaction and overall success of managed services
- Technical knowledge of a number of security technologies required
- Solid understanding of information security and networking required
- Extensive experience interacting with customers required
- Strong critical thinking and problem-solving skills required
- A passion for information security and data security required
- Detail oriented with strong organization skills required
- Process workflow focus required, with strong interpersonal skills including excellent written/verbal communication skills
*Position summary*
*Primary duties and responsibilities*
- *Security assessment framework development and management*: Develop, implement and maintain the processes of receiving, reviewing, and responding to security assessment questionnaires from customers, third-party auditors, and regulatory bodies, ensuring responses are accurate, timely, and comprehensive.
- *Cross-functional collaboration*: Work closely with teams across the organization, including IT, legal, compliance, product, and operations, to gather necessary information and data to respond to security-related inquiries. Drive continuous improvement in areas that require improved communication and collaboration between functions.
- *Documentation and reporting*: Maintain accurate records of completed questionnaires and responses. Prepare and manage reports related to security assessments and audits for senior management and stakeholders. Manage and communicate gaps and open issues identified and ensure the proper propagation of these items.
- *Continuous improvement*: Review and refine security questionnaire response capabilities and processes to improve efficiency, consistency, and quality of responses. Management and development of metrics to provide visibility of compliance.
- *Compliance oversight*: Ensure responses align with regulatory, legal and industry standard compliance requirements (GDPR, SOC 2, HIPAA, etc.) and align with the organization's internal security policies and standards.
- *Risk assessment and mitigation*: Identify potential risks based on customer and auditor assessments and work with relevant departments to mitigate or address these concerns proactively.
- *Customer relationship management*: Act as the primary point of contact regarding security assessment inquiries. Provide clear, concise, and professional communication to ensure customer confidence in our security practices.
- *Training and awareness*: Provide guidance and training to internal teams regarding security assessment best practices and the importance of responding to security questionnaires in alignment with company policies and industry standards.
*Education and experience*
- bachelor's degree in information security, computer sc