Ingram Micro touches 80% of the technology you use every day with our focus on Technology Solutions, Cloud, and Commerce and Lifecycle Solutions. With $46 billion in revenue, we have become the world’s largest technology distributor with operations in 56 countries and more than 30,000 associates. We continue to strategically expand our global reach with 32 acquisitions since 2012.
The Sr. IS Compliance Specialist is responsible for performing, or leading, complex and/or significant compliance reviews within IT audits, including network, internet, applications, telecommunications, security administration, and contingency planning. The specialist assesses risks, develops detailed audit/compliance programs, executes audit/compliance program steps, analyzes results and effectively communicates results to senior management.
On a primarily independent basis, support global activities as they relate to IS compliance including PCI, ISO 27001, Financial Regulations, Statutory Audits, customer commitment obligations such as SOC1 and SOC2 attestation, Internal and External Auditor liaison support and management documentation / reporting. This support will be accomplished by reviewing existing processes, identifying improvement activities and recommending control improvements and/or efficiencies.
- At least 4-5 years of industry experience as a PCI QSA and ability to assess complex PCI requirements.
- Plan and conduct complex IS and integrated audit/compliance projects, including preparation of an objective risk-based assessment and an effective audit/compliance approach.
- Leads and/or participates in audit/compliance reviews of Applications, Enterprise security and IT General Controls for compliance with policies and procedures.
- Manage and support Global IS compliance to security frameworks and standards as they relate to PCI, ISO 27001, SOC1, SOC2 and Regulatory requirements for auditing, reporting and remediation where appropriate
- Work with internal and external stakeholders to assess the IT architecture or proposed IT architecture solutions to identify the risk areas with regards to PCI controls.
- Execute operational activities to support audit and compliance activities including technical validation processes
- Conduct PCI DSS scoping engagements, gap analysis and assessments related to securing the Cardholder Data Environment:
- Collect information and business workflows
- Execute collection of evidence to support compliance status
- Consult with internal clients to help them understand our findings and their remediation options
- Be a liaison for Internet Audit activities, reporting and escalations
- Manage escalation and enforcement for unresolved noncompliance issues
- Manage the status of global PCI requirements
- Manage monthly, quarterly self-assessment of global IS and reporting
- Provide and present reporting including monthly metric delivery
- Create professional reports tailored to each client that detail assessment findings and include a roadmap of practical, actionable steps for improving their security posture and achieving compliance
- Provide engagement with PCI Brands and 3rd party QSAs as necessary, which can include 3rd party devices, service providers and middleware applications.
- Support/participate and perform the due diligence and security compliance validation with 3rd party IT solution providers.
- Manage response and status to external reporting for financial compliance in relation to PCI
- Manage and Support External Audit activities and reporting.
- Provide presales and scoping assistance as needed
- Manages projects with timelines, effort estimates and meeting minutes, and tracks them until completion.
- Support and enforce Information Security Policy, Standards, and Guidelines for business operations and technology implementations
- Work with Information Security staff to ensure tools and reporting mechanisms are satisfactorily meeting PCI objectives.
- Maintain strong working relationships with internal and external support teams including Global, Regional and Country IS associates
- Work on special projects as required by management
- Stay abreast of changes within the IS compliance areas including business change requirements and regulatory changes from an international perspective
- Experience completing PCI DSS Reports on Compliance (ROCs) - strongly preferred
- Familiarity and experience with a variety of security products and technologies - for example, network firewalls, web application firewalls, antivirus solutions, Data Loss Prevention products, and encryption technologies.
Process Improvement and Associate Success:
- Perform business processes value-added assessment of internal controls, systems, processes, financial reporting, and identify opportunities for improvement and efficiencies.
- Actively looks for opportunities to develop new ideas to positively impact existing methods, services, or products.
- Targets performance improvements while analyzing systems and processes.
- Understands, analyzes, and documents cost/benefit analysis where appropriate.
- Actively accepts individual and team responsibilities and meets commitments. Takes responsibility for own performance and actions and demonstrates responsibility and teamwork towards overall team/department goals.
- Actively mentors and assists other IS personnel on topics related to IS security
- Effectively multi-tasks on multiple assignments and deliverables.
- Takes and exhibits initiative to further develop technical and professional skills, by attending training and/or willingness to learn new systems or technologies in use by the Information Systems department.
- Possesses understanding of Ingram Micro’s business including knowledge of department names and business processes conducted by each, company global organization, and key customer and vendor segments.
Education and Technical Expertise:
- A Bachelor’s degree in Computer Science, Engineering, or related Science and Math discipline with an IS or Business emphasis is required.
- 8-10 years or more relevant experience in a global information technology environment with a background in auditing and process support
- Strong knowledge of commercial or in-house developed eCommerce applications, ERP applications including SAP and Oracle, and payment devices and/or solutions.
- Information Security background including an understanding of the basic security best practices, standards and methodologies
- IT technical knowledge in support of compliance including Operating System, Database, Networking and Security technologies
- Must possess a valid passport and be legally allowed to leave and return to originating country.
- Ability to formulate detailed technical documentation and remediation requirements
- Strong communication skills for both technical and business level discussions on compliance matters
- Relevant auditing and compliance certification (e.g. QSA, ISA, CISM, CISA, ISO 27001 Lead Auditor) preferred
- Keeps his/her manager informed of any problems, challenges, or unanticipated events affecting his/her work.
- Listens respectfully and avoids interrupting.
- Expresses ideas and suggestions in an organized and concise manner both orally and in written form.
- Solicits and readily accepts constructive feedback.
- Maintains composure when addressing an adversarial or hostile audience.
Decision Making
- Researches and collects appropriate data points for effective decision making.
- Readily makes recommendations and includes necessary documentation and material to support conclusions.
Develops Innovative Practices
- Identify, develop and manage innovative ideas and solutions to problems.
- Identify opportunities to reduce inefficiencies in work processes.
- Recognizes when it is appropriate to challenge the status quo and when it is not.
Works as a Team Member
- Supports team decisions to implement changes, suggestions, improvements, and solutions.
- Encourages and supports the exploration and application of best practices.
- Offers assistance to others and shares information regardless of personal likes or dislikes.
Acts with Integrity & Respect
- Prevents personal conflicts from interfering with his/her objectivity.
- Consistently arrives on time for meetings and appointments.
- Accepts responsibility for the results of his/her decisions and actions.
- Behaves in a way that is consistent with Ingram Micro’s values.
Disclaimer: The duties and responsibilities described are not a comprehensive list; additional tasks may be assigned to the employee from time to time or as necessitated by business demands.