The Compliance Manager will support the Senior Director, External Compliance Programs in achieving compliance with regulatory requirements and industry standards as they pertain to the IT environment for all business units worldwide. The successful candidate will demonstrate a unique blend of technical, business development and management skills, including strategic thinking, planning and implementing projects in parallel, and providing the leadership and direction needed to mature the compliance process.
- Assist leadership to design, develop and oversee procedural controls to monitor compliance risks, including progress tracking of treatment plans to verify successful completion of remediation activities.
- Design and document IT General Controls (ITGCs) to ensure the business can demonstrate compliance with its obligations under the Sarbanes-Oxley Act.
- Validate IT key controls to identify control risks, analyze root causes and trends in potential control weaknesses; suggest new controls to meet compliance standards where applicable
- Provide advice and guidance to the business to ensure continued compliance in a dynamic, fast paced environment
- Help prepare for and facilitate assessments and examinations by Qualified Security Assessors (QSAs), auditors, regulators, and other similar bodies.
- Maintain and present compliance reports and remediation tracking documents that convey the compliance status of all relevant compliance programs and influence remediation priorities.
- Assist in the promotion of a compliance culture that encourages an “open door” policy for staff to seek clarification on compliance matters.
- Enable continuous improvements of the GRC function by identifying and communicating enhancement opportunities to department leadership
- Manage and support the performance and development of other team members within the External Compliance unit
- Detailed knowledge of Sarbanes-Oxley Section 404 IT general controls and SSAE 18 (SOC 1) control testing
- Knowledge of PCI standards essential (PCI DSS, PA-DSS, PCI PIN, etc.)
- Experience working in a card payments environment desired
- Research and proactively communicate new and evolving industry and regulatory requirements to colleagues at all levels of the organization, and obtain agreement on practical plans to reach compliance
- Prepare clear, concise and accurate documentation and reports
- Strong communication and presentation skills with an ability to tailor communications to different audiences
- Establish and build effective relationships with internal and external stakeholders worldwide
- Ability to work in a complex and evolving environment
- Demonstrate strong project management and execution skills, including prioritizing tasks, balancing workload, anticipating next steps and adapting to change
- BA/BS in Information Systems or a related technical field; Master’s degree preferred
- Minimum of 7 years’ experience working in an information security, information technology or information risk management related field
- CISA, CISM, CISSP or other relevant qualifications preferred
- Demonstrated experience implementing compliance frameworks such as ISO 27001 (ISMS implementation), COSO and COBIT for a financial services organization or an organization with similar information security needs and requirements
- Thorough understanding of industry standards and regulations including PCI DSS, PCI PIN, PA-DSS, PCI P2PE, COSO and SOX
- Familiarity with, and understanding of, a broad range of IT hardware and software products
- Willingness to travel domestically and internationally, if required
- Ability to operate within a multi-cultural, multi-time-zone environment
- High ethical standards, operates with integrity and professionalism