It's fun to work at a company where people truly believe in what they are doing!
Will be responsible for providing day to day representation and review of Security Policies to internal and external clients to ensure tolerances are within Epiq's risk appetite. Will also assist in ensuring that the Security Program maintains suitable levels of compliance to applicable laws and regulations through adherence to Security Office policies. Will identify noncompliant and ineffective security processes and controls, including those of our critical third parties, and prioritize actions associated with their improvement. Will work with Security and Compliance teams to recommend and implement policies and procedures to ensure security meets or exceed industry standards.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Manage Security Office-wide process for Policies, Standards, Procedures, and other Security Office governance documents to be developed, updated, reviewed, approved, and communicated to applicable stakeholders.
Author and coordinate the development and maintenance of Security Policies, Standards and Procedures with structure, quality, and organization. These will be developed in accordance with legal and regulatory requirements and compliance with frameworks including but not limited to the National Institute Standards and Technology (NIST). Collaborate with Subject Matter Experts (SMEs) to gather requirements and deliver documentation.
Manage a common framework for the Security Office to map relevant requirements to Security Office Policy and control objectives in order to create a clear linkage between Polices, Standards, and controls as defined by the Security Office.
Facilitate the management and reporting of risks identified by Epiq's risk assessment teams and the Risk Council.
Work with Legal, Compliance, Internal Audit, and Sales teams to ensure Security policies, processes and procedures are accurately, effectively, and consistently understood and represented throughout the company.
Ensure that controls are adequate to meet Security Policies; conduct assessments and audits based on laws and regulatory expectations (GLBA, FFIEC, PCI-DSS, SWIFT CSP, NIST, CIS Critical Security Controls, etc.). Design and implement accurate and thorough governance gaps assessments to applicable laws, rules, regulations, and industry practices.
Work independently and with the Internal Audit team to measure the effectiveness of security controls as prescribed by Epiq's Security Policy and Standards, regulatory compliance (e.g. FFIEC Cybersecurity Assessment Tool), the CIS Critical Security Controls, and ISACA's COBIT 5.
Manage external service providers which assist the Security Office in performing security vendor assessments.
Coordinate across Security Office teams a cohesive approach in assessing vendor risk across Security, Privacy and Business Continuity through common processes, reporting, and tool
Broad understanding of Information Security concepts.
Familiarity with security frameworks and various compliance requirements.
Communicate effectively through written and verbal means to co-workers and senior leadership and effectively manage multiple tasks simultaneously, coordinating and ensuring that scheduled goals are met.
Experience with the conduct of an information security investigation and remediation.
Experience with security technology and processes used to defend an international enterprise network.
Experience analyzing business or technical problems and proposing and implementing solutions.
Excellent communication skills, verbal and written and be a self-managed / self-driven individual.
Ability to deal with changing priorities and multi-task several projects.
EDUCATION AND EXPERIENCE
Results Driven - Sets stretch goals for personal and team accomplishment and works tenaciously to achieve those goals; acts with a sense of urgency; takes the initiative on actions; identifies what needs to be done and takes action before being asked; does more than what is normally required in a situation; establishes metrics to monitor progress and measure success; maintains focus by avoiding or overcoming roadblocks.
Client Focus- Takes action with the clients, both internal and external, and sees their needs as a primary focus; builds a sustaining collaborative and productive relationship with clients; seeks to understand client situations, issues, expectations, etc.; takes appropriate action to meet client needs and address concerns; implements or utilizes methods to monitor and evaluate client feedback.
Building Effective Relationships Identifies opportunities to build strategic relationships with individuals in other areas of the business in an effort to achieve business goals; develops the partnership through information exchange, clarification of partnership benefits and definition of partnership scope and expectations; recognizes the business concerns and perspective of others; shares information and own expertise with others to enable them to accomplish group goals
Integrity- Behaves in an honest, fair and ethical manner; shows consistency in words and actions; does what she/he commits to doing; respects the confidentiality of information or concerns shared by others; is honest and forthright with people; carries his/her fair share of the workload; takes responsibility for own mistakes.
If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!
Epiq and its affiliated companies are Equal Opportunity Employers (EOE). Qualified applicants are considered for employment without regard to age, race, color, creed, religion, sex, national origin, sexual orientation, disability, marital or veteran status or any other category protected under applicable federal, state or local law. In addition Epiq will take affirmative action for minorities, women, covered veterans and individuals with disabilities. If you need assistance or an accommodation during the application process because of a disability, it is available upon request. Epiq is pleased to provide such assistance and no applicant will be penalized as a result of such a request. Pursuant to relevant law, where applicable, Epiq will consider for employment qualified applicants with arrest and conviction records.
Epiq Systems, Inc.