INDIA JOB PROFILE NAME: Sr. IT Compliance Specialist-IND
BUSINESS TITLE: Sr IS Compliance Specialist
GRADE PROFILE: TBD by Location
JOB FAMILY GROUP>JOB FAMILY>DISCIPLINE:
Information Technology>IT Security>Information Security
REPORTS TO: Manager, IT Compliance
TIME TYPE: FT
TARGET TEAM SIZE: 0
PREPARED BY: Madhur Sharma and Suzanne Levin Herrera
POSITIONS REPORTING TO THIS POSITION: N/A
DATE PREPARED: Finalized April 15, 2020
JOB FAMILY SUMMARY
Design, install, manage, and implement business plans, policies and procedures to maintain systems, network, database and/or Web security; develop, implement, and maintain information security, including access management, vulnerability assessments, penetration testing, infrastructure, and regulatory compliance; responsible for reporting, investigation, and resolution of data security incidents; analyze business needs and oversee security architecture, administration, and policy planning to lessen the possibility of a security breach; recommend enhancements to close potential security gaps. Prevent IT-based crime, hacking, and intentional or inadvertent modification, disclosure, or destruction of an organization's information systems, IT assets and intellectual property, including: designing, testing, and implementing secure operating systems, networks, and databases; password auditing, network-based and Web application-based vulnerability scanning, virus management, and intrusion detection; conducting risk audits and assessments and providing recommendations for application design; monitoring and analyzing system access logs; planning for security backup. Provide guidance and direction on best practices for the protection of information; ensure compliance with regulations and privacy laws. May oversee internal or external systems security (e.g., cloud services).
SPECIFIC JOB SUMMARY DESCRIPTION
The Sr. IS Compliance Specialist is responsible for performing or leading complex and/or significant compliance reviews within IT audits, including network, internet, applications, telecommunications, security administration, and contingency planning. The role assesses risks, develops detailed audit/compliance programs, executes audit/compliance program steps, analyses results and effectively communicates results to senior management.
On a primarily independent basis, this position supports global activities as they relate to IS compliance, including PCI, ISO 27001, financial regulations, statutory audits, customer commitment obligations such as SOC1 and SOC2 attestation, internal and external auditor liaison support, and management documentation/reporting. This support is accomplished by reviewing existing processes, identifying improvement activities and recommending control improvements and/or efficiencies.
- Plans and conducts complex IS and integrated audit/compliance projects, including preparation of an objective risk-based assessment and an effective audit/compliance approach.
- Leads and/or participates on audit/compliance of Applications, Enterprise security, IT General Controls, for complying with policies and procedures.
- Manages and supports global IS compliance with security frameworks and standards as they relate to PCI, ISO 27001, SOC1, SOC2 and regulatory requirements for auditing, reporting and remediation where appropriate.
- Works with internal and external stakeholders to assess the IT architecture or proposed IT architecture solutions to identify the risk areas with regards to PCI controls.
- Assesses the network architecture and/or reviews firewall rulesets and network devices/appliances to see if they are aligned with the PCI control requirements, and recommends compensating controls where necessary.
- Executes operational activities to support audit and compliance activities including technical validation processes.
- Conducts PCI DSS scoping engagements, gap analysis and assessments related to securing the Cardholder Data Environment:
  - Collects information and business workflows
  - Executes collection of evidence to support compliance status
  - Consults with internal clients to help them understand our findings and their remediation options
- Is a liaison for Internal Audit activities, reporting and escalations
- Manages escalation and enforcement for unresolved noncompliance issues
- Manages and tracks the status of global PCI requirements
- Manages monthly, quarterly self-assessment of global IS and reporting
- Provides and presents reporting, including monthly metric delivery
- Creates professional reports tailored to each client that detail assessment findings and include a roadmap of practical, actionable steps for improving their security posture and achieving compliance
- Engages with PCI brands and 3rd party QSAs as necessary, which can include 3rd party devices, service providers and middleware applications.
- Supports, participates in and performs due diligence and security compliance validation with 3rd party IT solution providers.
- Manages responses and status updates for external financial compliance reporting in relation to PCI
- Manages and supports External Audit activities and reporting.
- Provides presales and scoping assistance as needed
- Manages projects (timelines, effort, meeting minutes) and tracks them through to completion.
- Supports and enforces Information Security Policy, Standards, and Guidelines for business operations and technology implementations
- Works with Information Security staff to ensure tools and reporting mechanisms are satisfactorily meeting PCI objectives.
- Maintains strong working relationships with internal and external support teams including Global, Regional and Country IS associates
- Works on special projects as required by management
- Stays abreast of changes within the IS compliance areas, including business change requirements and regulatory changes from an international perspective
- Experience completing PCI DSS Reports on Compliance (ROCs) is strongly preferred
- Has familiarity and experience with a variety of security products and technologies, for example network firewalls, web application firewalls, antivirus solutions, Data Loss Prevention products, and encryption technologies.
Process Improvement and Associate Success
- Performs value-added assessments of business processes, internal controls, systems and financial reporting, and identifies opportunities for improvement and efficiencies.
- Actively looks for opportunities to develop new ideas to positively impact existing methods, services, or products.
- Targets performance improvements while analysing systems and processes.
- Understands, analyses, and documents cost/benefit analysis where appropriate.
- Actively accepts individual and team responsibilities and meets commitments. Takes responsibility for own performance and actions and demonstrates responsibility and teamwork towards overall team/department goals.
- Actively mentors and assists other IS personnel on topics related to IS security
- Effectively multi-tasks on multiple assignments and deliverables.
- Takes and exhibits initiative to further develop technical and professional skills, by attending training and/or willingness to learn new systems or technologies in use by the Information Systems department.
- Possesses understanding of Ingram Micro’s business including knowledge of department names and business processes conducted by each, company global organization, and key customer and vendor segments.
Education and Technical Expertise
- A Bachelor’s degree in Computer Science, Engineering, or related Science and Math discipline with an IS or Business emphasis is required.
- 5 years or more of relevant experience in a global information technology environment with a background in auditing and process support
- Strong knowledge of commercial or in-house developed eCommerce applications, ERP applications including SAP and Oracle, and payment devices and/or solutions.
- Information Security background including an understanding of the basic security best practices, standards and methodologies
- Possesses a strong understanding of information systems and networking diagrams
- Experience evaluating the security infrastructure for large enterprise merchants or service providers
- Working knowledge of the financial industry and the lifecycle of payment card transactions
- Working experience with software development methodologies and practices
- Working knowledge of audit methodologies and security assessment tools
- Methodical and organized; able to manage multiple opportunities, projects, and partners concurrently
- Excellent written and oral communication skills; expresses thoughts clearly, knows how to listen and is able to contribute in a team environment
- IT technical knowledge in support of compliance including Operating System, Database, Networking and Security technologies
- Ability to formulate detailed technical documentation and remediation requirements
- Relevant auditing and compliance certification (e.g. QSA, ISA, CISM, CISA, ISO 27001 Lead Auditor) preferred
- Keeps his/her manager informed of any problems, challenges, or unanticipated events affecting his/her work.
- Listens respectfully and avoids interrupting.
- Expresses ideas and suggestions in an organized and concise manner both orally and in written form.
- Solicits and readily accepts constructive feedback.
- Maintains composure when addressing an adversarial or hostile audience.
- Researches and collects appropriate data points for effective decision making.
- Readily makes recommendations and includes necessary documentation and material to support conclusions.
Develops Innovative Practices
- Identifies, develops and manages innovative ideas and solutions to problems.
- Identifies opportunities to reduce inefficiencies in work processes.
- Recognizes when it is appropriate to challenge the status quo and when it is not.
Works as a Team Member
- Supports team decisions to implement changes, suggestions, improvements, and solutions.
- Encourages and supports the exploration and application of best practices.
- Offers assistance to others and shares information regardless of personal likes or dislikes.
Acts with Integrity & Respect
- Prevents personal conflicts from interfering with his/her objectivity.
- Consistently arrives on time for meetings and appointments.
- Accepts responsibility for the results of his/her decisions and actions.
- Behaves in a way that is consistent with Ingram Micro’s values.
- Exercises good, consistent judgment when evaluating technical implementations or business requirements against corporate policies or escalating issues
- Works with people from different countries and cultures
- Works in high pressure situations related to IS security matters
- Is available for support requirements based on global responsibilities
- Works early morning and late evening hours and weekends, when required
- Communicates effectively in writing; writes clear, concise and factual evaluation documents that can be understood by others
- Participates in meetings several times a month to give and receive information
- Follows direction and procedures accurately; organizes facts and figures; applies basic math
International travel is required. Must possess a valid passport and be legally allowed to leave and return to originating country.