Director, Risk & Compliance

Director, Risk & Compliance
NY, Plainview

Job Description

We are seeking a Director, Risk & Compliance for our client in Plainview, NY.  This is a full-time permanent position.  Candidates should have expereince with SOX, PCI, SOC2, DPR and experience in high traffic, public facing production environments.

Duties:

  • Develop, update, unify and re-align compliance controls to address new, emerging, and evolving requirements, including compliance certification for:
    • Sarbanes-Oxley 404 General Computing Controls (SOX)
    • Payment Card Industry Data Security Standards 3.2 or later (PCI or PCI-DSS) for Service Providers
    • Service and Organization Controls 2 (SOC2), type II
    • General Data Protection Requirements (GDPR)
  • Ensure the business demonstrates compliance through ongoing and periodic internal readiness testing, assessments, and walkthroughs.
    • Oversee and intervene with process owners to ensure that continual, daily, weekly, monthly, quarterly, semi-annual, and annual controls are sustained.
    • Prepare periodic documentation and audit artifacts.
  • Coordinate and facilitate certification audits with appropriate vendors. 
    • Acting as a liaison between the operating, security, and administrative aspects of the company to ensure a complete and timely collection of audit artifacts.
    • Communicating Audit process, progress and remediation efforts across the company
  • Sustain and operate s risk management program including:
    • Sustaining the ongoing risk-register process
    • Driving stakeholders for resolutions and mitigations
    • Preparing annual risk assessments
    • Updating executive management of risk state and mitigation strategies and tactics.
  • Update (and advise on the updating of) standards, policies and procedures required to address the organization’s risk and compliance objectives.
  • Advise management on tactical and strategic improvements to enhance risk mitigation and compliance capabilities and lower costs of delivery.
    • Unify controls and reduce redundant testing, observations, and other compliance activities.
  • Provide and oversee the development of written status reports to management.

 

Qualifications:

Required/Essential:

  • Bachelor's degree in Computer Science or related field.
  • Strong experience working as a compliance lead including PCI and SOX requirements.
  • Proficient in working within and alongside a high technology organization.  Must demonstrate a commanding knowledge of appropriate IT, security, and production processes and solutions.
  • 5+ years of experience working in IT auditing, security, and/or compliance.
  • Familiarity with system architecture principles.
  • Excellent communication skills; must be able to articulate strategic concepts along with supporting execution tactics.

Desired/Preferred:

  • 5 or more years experience working as a risk, security, and/or compliance lead, principal or senior individual contributor.
  • 3 or more years experience working in a high-tech environment.  Experience in high traffic, public facing production environments a plus.
  • CSA certification, desired.
  • CISSP or similar certification, preferred.
  • PMP and/or Agile experience a plus.

 Qualified candidate should submit a word formatted resume to Cheryl.blumenberg@harveynashusa.com.

Apply Now