This is a unique opportunity to expand your skills and influence a growing Cybersecurity Program, and you must be able to obtain SC clearance if required. Ideally you would also have experience of public sector security compliance, including the Ministry of Defence. This opportunity provides the ability to work with various teams to evaluate controls, perform control testing to improve the efficiency and effectiveness of the internal controls, monitor regulations for new or changed requirements, and coordinate with internal and external auditors to ensure compliance. You will facilitate control reviews to accommodate new business areas as well as changes in processes. You will assist the technology teams in identifying gaps between policy and process, develop recommendations to remediate control weaknesses, and execute third-party risk management reviews of key third-party service providers to ensure compliance obligations are being met, including monitoring any remediation plans that address their weaknesses. You will also work with the pre-sales and professional services groups as a security SME, responding to customer inquiries and RFPs and building trust with customers.
The Day to Day:
Technology GRC (governance, risk, compliance) Methodology:
- In support of multiple attestations (ISO27001, PCI, SSAE 18 SOC2 Type2), plan, design and execute controls testing, controls assessment and documentation across all domains for IT General Controls, Payment Card Industry (PCI DSS), Data Privacy, HIPAA and other GRC requirements, as appropriate.
- Serve as trusted advisor and technology key controls subject matter expert; partner to evaluate the design and effectiveness of the control environment, both operational and technical; to develop trending for remediation efforts and overall compliance with regulatory and operational standards, and to build compliance programs including detailed exception reporting and complex configuration monitoring requirements.
- Provide direction and guidance in pre-implementation reviews of new systems and services to ensure proper controls are implemented and executed to meet compliance.
- Validate information security key controls to identify control risks, analyze root causes and trends in potential control weaknesses; suggest new controls to meet GRC standards where applicable.
- Be a trusted advisor for in scope internal and external audits to expedite reviews and mitigate operational impacts.
- As an integral member of the team, exhibit ownership, follow-through, initiative, awareness and effective communication with peers and management.
- Engage with the sales process to answer customer questions on the security program.
- Prepare and provide accurate, timely communications of observations, recommendations and conclusions as well as evaluating management remediation action plans.
- Ability to lead meetings with business partners to define compliance process, initiate assessments, and articulate results to include remediation plans.
- Partner to gain consensus on Compliance approaches with a proven ability to effectively communicate remediation and prevention.
Experience with the following required:
- Ability to understand business requirements, to help design and implement GRC management practices for all supported technology environments.
- Passionate about continuous improvement and ownership of controls across systems and processes.
- Consistently shows the ability to mentor others as it relates to JAGGAER's data and processes.
- Ability to drive compliance and communicate the compliance posture, along with risk exposure, to senior leaders supporting technology infrastructure.
- Ability to help develop and deliver compliance training and awareness type activities with proven results across all domains.
- Maintain a strong knowledge base and awareness of industry and technology trends, external regulations for new or changed requirements within technology and identify industry standards for core processes (e.g. NIST, PCI, ITIL, data privacy etc.).
Education and/or Experience:
- Must have detailed knowledge and experience with technology controls across a variety of Industry frameworks and how to assess controls supporting compliance for SOX, PCI, and Privacy.
- Developing dynamic approaches to the implementation of a technology compliance program, utilizing a variety of testing methods, both manual and automated, to provide qualitative and quantitative results where applicable.
- Proven ability to independently gather test evidence and translate compliance findings into actions.
- Able to assess, identify, and document third-party system compliance deficiencies and recommend solutions, including an understanding of SOC reports.
- Excellent communication skills, including but not limited to verbal and written communication; delivering organized presentations; tailoring the message to the audience; and facilitating group discussions with diplomacy while seeking diverse opinions.
- Excellent analytical skills with experience in data analysis to support reporting and testing processes.
- Dedication and commitment to world class service and to exceeding customer expectations.
- Desire to keep current with technology and emerging technology compliance trends.
- Possess strong organization and time management skills.
- Demonstrated flexibility in a fast paced and agile environment.
- Bachelor's degree in Business / Computer Science / Technology with IT audit or compliance experience.
- In-depth knowledge of information security and Technology Compliance management industry frameworks and standards: NIST, OWASP, SANS, ISO-27001/2, and COBIT.
- 3+ years of working experience with enterprise technology compliance management programs, or auditing experience, controls testing, conducting ITGC and PCI assessments and leading related project teams as a security subject matter expert in privacy, data security and control issues with technologies such as Cloud, SaaS, Linux, Windows, VMware and Intrusion Prevention.
- Previous working experience and knowledge of two or more security functions (IT Compliance Assessor, QSA, Security Specialist, IT Auditor).
- Possession of one of the following industry certifications required: CISA, CRISC, CIA, CISM, PCI, CISSP.
JAGGAER is an Equal Opportunity employer and will consider all applicants for employment without regard to race, religion, gender, sexual orientation, gender identity, national origin, age or disability status.
- 25 days of annual leave
- Birthday off
- Dental care
- Social events
- Friday bar
- Flexible working environment
- Generous pension contribution
- Subsidised gym membership