• Information Security & Compliance Manager

    Job Locations US-GA-Alpharetta
    Posted Date 7 days ago (11/9/2018 9:51 AM)
    Requisition ID 2018-3630
    # of Openings 1
    Job Family Information Technology
  • Overview

    DataScan is one of the best-kept secrets in the job market today.  A privately held subsidiary of JM Family Enterprises, DataScan is the industry leader in the automotive asset finance & risk management space, and regularly listed as one of the top companies to work for in the United States (as part of JM Family).  Operating as a top-tier software development and services organization, DataScan is an impressive employer with a significant offering including:

    • Strong company values and culture
    • Impressive associate benefit package
    • Great career growth & development opportunities
    • Innovative, collaborative, and progressive environment
    • Strong community involvement
    • Great downtown Alpharetta location

    Job Description

    Our Information Security & Compliance Manager position is a unique role that offers the career opportunity to lead, learn and grow in many areas.  The role participates actively across all InfoSec and compliance programs and participates in decisions and advice related to business operations, technology operations, and overall risk management.  Leadership and strategy are key elements of this position.  It offers the opportunity to work with a strong team in a challenging environment, while delivering creative solutions across the entire organization.

    The key purpose of this role is to drive behaviors and results for DataScan related to critical areas of interest for Information Security and Compliance.  This is accomplished through engagement at all levels of the organization and operations.  The largest volume of activities for this role will be compliance/risk related with a secondary focus on technical/development input and controls.  The selected candidate must have a solid understanding of technical security controls, compliance and governance process/modeling, and ideally will have a strong technology-security architecture background.

    Specific responsibilities include, but are not limited to:

    • Partner with business, technical, HR, and compliance resources in support of customer related security and compliance activities (including annual open-house and special client or vendor visits) several times per year.  
    • Ownership (consulting, mentoring, communications, tracking and management) of all enterprise training related to information-security, risk, and compliance (e.g. threat management, ethical behavior, etc.).
    • Partner with business and technical resources to plan, coordinate, execute, and report on the annual DataScan certification events (i.e. SOC1).
    • Partner with IT, Business Compliance, Legal and HR representatives to ensure that all technology information security, risk and compliance controls adequately meet business compliance requirements.
    • Responsible for working with Technical Engineers, Vendors, SME’s, Project Managers, and Business Analysts to provide input into technical and functional compliance requirements and plans where necessary.
    • Responsible for driving compliance to JM Family identified security frameworks and practices where applicable.
    • Partner closely with Compliance Manager to evaluate and deliver client IT risk assessments and provide a strong focus to ensure the company manages, mitigates, and swiftly responds to any audit findings that require action.
    • Leads the tracking and management of DataScan enterprise technology-risk, security, governance, and compliance standards related to the policies and procedural documentation.
    • Track and monitor the completion of vulnerability, static and dynamic scans (penetration testing, ethical hacking, etc…). 
    • Coordinate threat modeling activities and provide recommendations for technology security controls (vulnerability assessments, responses, execution).
    • Responsible for general DataScan awareness and education related to information security, risks, threat-management, compliance, and overall best-practices.
    • Responsible for security, compliance, risk-tracking, and mitigation reporting and metrics to help guide strategic planning and decisions (verbal updates, dashboards, etc…).
    • Strategic leadership and guidance related to the implementation of security measures and controls.
    • Coordinate security plans with clients and external vendors.
    • Ensure InfoSec compliance related activity documentation is maintained throughout the year.
    • Conduct internal and external security assessments and root cause analysis related to security events & incidents.
    • Establish & facilitate risk tracking and mitigation reports/metrics to help guide Infosec and operational needs.
    • Advise and provide awareness/training in the subjects of cyber security, risk and best practices.
    • Manage network, intrusion detection and prevention systems.
    • Define, implement and maintain corporate security policies.
    • Manage & participate in projects ensuring alignment to information security policy and standards.
    • Partner with IT, Business Compliance, Legal and HR representatives to ensure that all technology information security, risk and compliance controls adequately meet business compliance requirements.
    • Work with Technical Engineers, Vendors, SME’s, Project Managers, and Business Analysts to provide input into technical and functional compliance requirements if necessary.
    • Drive compliance with company identified security frameworks and practices (NIST & CSA).
    • Partner with the business in support of customer related security and compliance activities including presentations to business customers several times per year.

    Job Requirements

    A well-qualified candidate for this position would meet the following qualifications:

    • Bachelor's degree or higher required
    • CISM, GRCP, CGRC, etc…
    • CEH Certified or equivalent knowledge required
    • Minimum 5 years professional experience in the fields of information security, risk management, audit and compliance 
    • Strong background in designing, operating and conducting assessments of information security controls
    • Working knowledge and direct experience of at least two security control frameworks (NIST, ISO, CObIT, CSF, CSA, etc.) 
    • Knowledgeable in secure software design and SDLC
    • Value-add is the ability to understand, review and coordinate software security analysis efforts.
    • Experience with audit, compliance and regulatory regulations (e.g., SOC1, PCI-DSS, HIPAA, GLBA)
    • Professional demeanor and ability to work effectively with all levels of management with excellent verbal and written communication, organizational, and interpersonal skills
    • Proven ability to manage projects to successful completion 
    • Excellent project management skills, including the ability to create and maintain project plans, schedules, metrics and progress reports/presentations.
    • Ability to work effectively with technical and non-technical personnel in a cross-functional setting. 
    • Ability to relate security principles and processes to business and organizational value.
    • Ability to prioritize and execute tasks in a high-pressure environment.
    • Experience and familiarity working within a software development organization
    • Experience working in a team-oriented, collaborative environment.
    • Ability to travel. This position is based in Alpharetta, GA.
    • Proficient with Microsoft Office Suite
    • Proven ability to work productively and efficiently in an independent setting
    • Initiative and innovative abilities to develop processes and programs across an organization
    • Strong organizational skills, attention to detail, and ability to multitask
