Infinity Consulting Solutions, Wichita, KS 67201
RESPONSIBILITIES AND ACCOUNTABILITIES:
Monitor and report on compliance with security policies, as well as the enforcement of policies across the enterprise.
Provide support and guidance for legal and regulatory compliance efforts, including audit related support as needed.
Conduct third-party audits as required to maintain certifications and compliance attestations.
Review risks, threats, vulnerabilities and oversee the development of corrective action plans in partnership with management, IT personnel, and other relevant groups.
Deploy, manage, and maintain a formal information security risk register and its supporting software.
Direct risk evaluation and compliance management processes as assigned.
Follow up on deficiencies identified in reviews, self-assessments, automated assessments, and audits to ensure appropriate remediation plans have been developed and corrective measures have been taken and documented.
Lead efforts in regulatory compliance and industry best-practice standards, including PCI DSS, SOX, HIPAA, ISO 27001/27002, and NIST.
Consult on other types of security (e.g., security architecture, secure development lifecycle, physical security issues) as needed.
Manage the development and implementation of information security policies, procedures, and guidelines.
Provide guidance and support to management on all policy and standards issues related to information security.
Ensure employees and third parties understand and fulfill applicable information security policies and standard requirements.
Develop and conduct information security training and awareness activities.
Perform other duties as assigned.
SKILLS AND REQUIREMENTS:
7+ years of experience in information security governance, risk, and compliance program management.
Bachelor's degree in Computer Science or Information Systems from an accredited college or university, or equivalent in a related discipline.
Proven track record of delivering results in a fast-paced and highly complex organization.
Ability to understand and apply knowledge of information systems security concepts (e.g., secure architectures, secure electronic data communications, network security, and protection of sensitive data).
Must be knowledgeable about the ISO/IEC 27000 series standards, SOX, PCI DSS requirements, and other regulatory compliance requirements, and have experience working in these environments.
Prior policy development and enforcement experience in a regulated environment.
Prior experience with information security risk management program development and implementation.
Ability to relate business requirements and risks to policy and technology implementation.
Knowledge of risk assessment and remediation procedures.
Ability to work well with other members of the team, peers, and senior management.
Strong communication, interpersonal and presentation skills.
Experience with ISMS performance metrics and reporting.
An advanced degree or relevant security industry certifications preferred.