Information Security Compliance Director

Information Security Compliance Director

Information Security Compliance Director

• Work on data and security-related privacy policies, standards and procedures, and corrective actions as needed.
• Maintain the information management system in collaboration with legal and governance teams. 
• Experience in data protection laws, security standards, information technology trends, and accreditation standards. 
• Risk assessments and security briefings to management and advises them of critical issues that may affect customer or corporate security objectives. Risk assessments, audits, policy, governance, and/or reporting
• Manage vulnerability scanning and penetration testing activities.
• Analyze and remediate issues associated with ISO 27001 compliance, NIST framework, and other security standards.
• Work on processes for investigating, documenting, and reporting unauthorized access or disclosure of personal information. 
• Create and deliver privacy and security-related training programs.
• Map controls to policies, procedures, and processes; testing such controls to ensure adequate coverage.
• Evaluate and recommend security products, services, and/or procedures to enhance productivity and effectiveness. 

• 7+ years’ experience with Information Technology General Controls (ITGCs), control frameworks such ISO27001, SOX, NIST CCF, HIPAA, & GDPR; regulatory compliance assessments,
• Working experience in effective security Governance, Risk, and Compliance functions 
• Experience performing privacy and/or security gap assessments.
• Knowledge of the federal and state privacy rules, regulations, and guidance related to security and privacy including but not limited to:HIPAA, GLBA, Safe Harbor framework, GDPR, CCPA, Generally Accepted Privacy Principles (GAPP), NIST, ISO27001