Director, Risk & Compliance
We are seeking a Director, Risk & Compliance for our client in Plainview, NY. This is a full-time permanent position. Candidates should have experience with SOX, PCI, SOC2, GDPR and experience in high traffic, public facing production environments.

Duties:
- Develop, update, unify and re-align compliance controls to address new, emerging, and evolving requirements, including compliance certification for:
  - Sarbanes-Oxley 404 General Computing Controls (SOX)
  - Payment Card Industry Data Security Standards 3.2 or later (PCI or PCI-DSS) for Service Providers
  - Service and Organization Controls 2 (SOC2), Type II
  - General Data Protection Requirements (GDPR)
- Ensure the business demonstrates compliance through ongoing and periodic internal readiness testing, assessments, and walkthroughs.
- Oversee and intervene with process owners to ensure that continual, daily, weekly, monthly, quarterly, semi-annual, and annual controls are sustained.
- Prepare periodic documentation and audit artifacts.
- Coordinate and facilitate certification audits with appropriate vendors.
- Act as a liaison between the operating, security, and administrative aspects of the company to ensure a complete and timely collection of audit artifacts.
- Communicate audit process, progress and remediation efforts across the company.
- Sustain and operate a risk management program, including:
  - Sustaining the ongoing risk-register process
  - Driving stakeholders for resolutions and mitigations
  - Preparing annual risk assessments
  - Updating executive management on risk state and mitigation strategies and tactics
- Update (and advise on the updating of) standards, policies and procedures required to address the organization’s risk and compliance objectives.
- Advise management on tactical and strategic improvements to enhance risk mitigation and compliance capabilities and lower costs of delivery.
- Unify controls and reduce redundant testing, observations, and other compliance activities.
- Provide and oversee the development of written status reports to management.

Qualifications:
- Bachelor's degree in Computer Science or related field.
- Strong experience working as a compliance lead including PCI and SOX requirements.
- Proficient in working within and alongside a high technology organization. Must demonstrate a commanding knowledge of appropriate IT, security, and production processes and solutions.
- 5+ years of experience working in IT auditing, security, and/or compliance.
- Familiarity with system architecture principles.
- Excellent communication skills; must be able to articulate strategic concepts along with supporting execution tactics.
- 5 or more years' experience working as a risk, security, and/or compliance lead, principal or senior individual contributor.
- 3 or more years' experience working in a high-tech environment. Experience in high traffic, public facing production environments a plus.
- CSA certification desired.
- CISSP or similar certification preferred.
- PMP and/or Agile experience a plus.
Qualified candidates should submit a Word-formatted resume to Cheryl.email@example.com.