Information Security Manager (2200010R)
CWT’s global information security organization is seeking to hire an Information Security Manager to join its Security Risk and Compliance team.
The role will provide support for information security governance, risk management, and audit and compliance activities across CWT.
What You Will Be Doing
Manage internal security assessments and security reviews; conduct security risk analysis of business processes and technology solutions to evaluate whether they comply with internal security policies and standards as well as regulatory / industry requirements and security best practices.
Support annual security compliance audits (e.g., PCI DSS, SOC 1 / SOC 2, ISO 27001:2013).
Manage the third-party / vendor security risk assessment process; monitor and report on progress of third-party / vendor security risk treatment activities by business owners.
Support the Sales process by participating in customer-initiated security due diligence and / or vendor qualification audits, reviewing security terms in customer contracts, and helping to respond to security questionnaires and documentation requests from customers.
Manage data loss prevention (DLP) remediation work in compliance with PCI DSS.
Assist with maintenance of information security program documentation (information security policies, standards, and guidelines), and coordinate management ratification of policies and standards at regular intervals.
Participate in improving the overall Security culture across CWT; contribute to employee security awareness campaigns and educational activities to address areas of potential risk and / or gaps in compliance.
What You Need for this Position
10+ years of demonstrable experience in security risk management, auditing and compliance, with a focus on supporting security risk assessments and security audit and compliance activities.
Good interpersonal communication skills with experience and confidence in collaborating with internal and external partners and stakeholders to develop productive relationships and achieve positive security risk management outcomes.
Ability to learn quickly with a willingness to take ownership for new projects and learning new technologies and methodologies.
Good understanding of industry standards for compliance such as ISO 27001:2013, PCI DSS, and SSAE 18 SOC 1 / SOC 2 attestation standards.
Basic understanding of risk assessment methodologies and best practices.
Ability and willingness to produce and maintain documentation and reports, specifically developing policies, standards, risk assessment reports, and other forms of Security Risk Management Program documentation.
Possess, or be actively seeking, information security or IT audit certifications such as CISSP, CISA, CISM, CRISC, or their equivalent.