ROLE SUMMARY
The Information Security Compliance Manager is responsible for leading efforts to manage and mitigate information security risks and for ensuring compliance with the internal control framework and relevant industry regulations and standards. The ideal candidate will have a strong technical background in compliance management and Identity and Access Management, along with exceptional communication and collaboration skills.
ROLE PROFILE
- Develop, implement, and audit Identity and Access Management (IAM) policies, role-based access controls, and privileged access management (PAM) across platforms while monitoring for security incidents.
- Manage audit engagements, security posture assessments, and penetration testing to ensure compliance with industry standards and effectively resolve audit findings.
- Track and mitigate identified security risks, oversee the information security risk lifecycle, and maintain security controls aligned with regulatory standards such as the General Data Protection Regulation (GDPR) and ISO 27001.
- Collaborate with managed service providers to ensure service level agreement (SLA) compliance, security reporting, and effective remediation of security risks.
- Demonstrate technical proficiency in IAM/PAM platforms (e.g., Active Directory, CyberArk), IT security solutions (e.g., Cloud Access Security Broker, firewalls), and automation tools in hybrid multi-cloud environments.
- Exhibit a deep understanding of risk management frameworks (e.g., NIST, PCI DSS), security threat frameworks (e.g., MITRE ATT&CK, OWASP), and the ability to respond to high-priority incidents on a 24/7 basis.
REQUIREMENTS
- Exhibit excellent written, verbal, and presentation skills, with the ability to communicate complex ideas to both technical and non-technical audiences. Demonstrate strong interpersonal and collaboration skills.
- Maintain a solid understanding of IT security, system development lifecycle, IT services management, agile and lean methodologies, and ITIL/Enterprise Architecture frameworks. Have experience in troubleshooting and researching new technologies.
- Showcase proven analytical abilities and a strong capacity to prioritize and execute tasks effectively, especially in high-pressure environments.
- Possess 6-8 years of experience across multiple IT security domains, with at least 3 years in a supervisory role managing security risks and compliance, ideally in the retail industry.
- Hold a Bachelor's or Master's degree in computer science, engineering, or a related field.
- Preferred certifications include Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Information Technology Infrastructure Library (ITIL), and security-specific certifications (e.g., Azure, AWS, Identity and Access Management, Privileged Access Management).