IT Compliance Program Manager
Job Summary: The IT Compliance Program Manager provides leadership, oversight, coordination, and delivery of activities supporting successful internal audits and external compliance and regulatory activities, as well as monitoring and enforcement of security policies, standards and regulatory frameworks that govern Kount. This role ensures the ongoing effectiveness of Information Security controls (automated, manual, and needing development), working with a variety of control owners within the IT organization, and evaluating control design and standards in a variety of program areas. This includes ensuring the security and resiliency of Kount’s computing environment, protecting customer and employee information, and complying with audit and regulatory requirements. Areas of focus include ongoing internal audits, annual compliance and regulatory activities, specifically related to PCI. The IT Compliance Program Manager will effectively balance the individual elements of each of these activities, while keeping the overall program on track for annual certification. This position supports the sharing/dissemination of this information to external customers and clients, upon request, following Kount’s requirements and representing Information Security as a strong and effective communicator and liaison.
KEY RESPONSIBILITIES INCLUDE, BUT ARE NOT LIMITED TO:
- Lead, develop and support audit, compliance, and regulatory programs for Information Security and Kount’s internal business partners
- Develop and support a comprehensive third-party risk assessment and compliance program.
- Monitor changes to data protection and credit card regulatory and compliance requirements.
- Assess the environment for compliance with internal policies & standards, and external compliance requirements
- Work with external assessors to complete audits based on industry standards as well as confidential risk and security assessment programs.
- Collaborate with IT partners to develop recommendations and action plans for control weaknesses identified by internal and external audits/assessments
- Develop and participate in the risk evaluation and monitoring processes within the organization
- Assist in tracking remediation efforts and work with technology and business groups to meet agreed-upon timelines for addressing security risks
- Assist in the development and communication of information security awareness campaigns
- Participate in projects to provide risk and controls guidance to ensure future compliance with policies and standards
- Work with IT partners to automate evidence collection, auditing processes, and integrate compliance so that it becomes business as usual.
- Possess knowledge of information security, financial, and/or technology regulatory environment and risk management practices
- Promote proactive readiness activities and enhancement of Information Security-based internal controls to support future internal and external reviews
- Support Information Security risk management reporting activities, including dashboards, metrics, and executive reporting content
- Working with the Security Analyst, advise Information Security leadership on the status of technology risk and compliance issues based on assessment results and information from various monitoring and control systems
- Creation and maintenance of security policies, standards, and procedures.
- Develop and maintain security and compliance information for customer use.
- Audit internal processes and systems to ensure compliance and identify gaps.
- Audit access controls & user permissions to ensure compliance and identify gaps.
QUALIFICATIONS AND MINIMUM REQUIREMENTS:
- 4-year college degree; a mix of education and comparable experience may be considered
- Minimum of 3 years’ experience in information security, audit, risk and/or compliance, preferably in a technology environment
- Experience with industry standards and regulations including PCI DSS, SOC 2, and GDPR.
- Experience leading annual compliance and regulatory activities, specifically related to PCI, strongly preferred.
- Experience working in a software development environment.
- Ability to synthesize a variety of data points into comprehensive and effective execution and risk mitigation plans
- Ability to communicate clearly and effectively with the technical and business stakeholders
- Solid problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution
- Ability to deal with ambiguity and make expert judgments in situations where no precedent exists
- Self-motivated without the need for significant management oversight
- Excellent verbal and written communication skills including the ability to author and present materials ranging from detailed technical specifications to high-level presentations
- Familiarity with and understanding of a broad range of IT hardware and software products
- Experience working with QSAs and IT organizations to complete assessments
- Information Security Certifications: CISSP, CISA
- Familiarity with SIG lite and/or full SIG
- Experience with scrum and agile development methodologies
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Job performed at a desk in front of a computer.
- Requires heavy use of keyboard and mouse.
- Requires sitting for long periods of time.
- Casual work environment.
Kount offers excellent compensation and benefits packages.
Qualified candidates should submit resumes to firstname.lastname@example.org.
Kount is an Equal Opportunity Employer.