The role will manage and execute risk management functions, security project management, and organizational security awareness functions, and assist the Senior Manager of Global Information Security Risk and Compliance in policy development. In this role, the manager will also ensure the organization complies with statutory and regulatory requirements and standards regarding information storage, access, security and privacy. The ideal candidate will have a track record of success in the information security field and possess a solid understanding of information security methodologies, as well as of regulatory and compliance requirements as they relate to all lines of business and across all functional areas within CareerBuilder.
- Function as point of contact and subject matter expert relating to IT Governance & regulatory compliance.
- Drive the identification, implementation, and improvement of the organizational privacy strategy, framework, and standards globally.
- Develop and implement processes to identify and address evolving privacy risks inherent in the organization's operations, and in the development of new products, services and technologies
- Define, enable and manage processes for data subject/individual rights and requests, and ongoing tracking and monitoring of such processes and requests.
- Provide "privacy by design" counseling to cross-functional teams for new products and initiatives
- Define and maintain privacy related management information to assist with reporting and demonstrating accountability to relevant stakeholders
- Maintain and report on security controls required by NIST, HIPAA-HITRUST, GDPR, PCI, SSAE-18 Type 1 SOC 2, ISO 27001 & SOX and other regulatory requirements and security and privacy compliance frameworks
- Execute risk assessment and continuous compliance monitoring (auditing) of IT controls
- Coordinate IT participation in and follow-up on internal and external audits
- Assist in managing the planning, designing, writing, and finalization of policies, control framework and procedures to comply with NIST guidelines.
- Monitor remediation activity and verify control effectiveness for identified weaknesses
- Coordinate IT SMEs and documentation in preparation for customer or other authority audits
- Perform assessments of third-party service providers, including cloud services, for adherence to best practices or known frameworks such as NIST
- Prepare and distribute reports to IT staff and management
- Provide consultation to IT staff in interpretation of audit observations and formulation of corrective action plans
- Oversee documentation, reporting, and closure of compliance or quality issues
- Provide interpretation and consultation to staff and project teams on regulations, guidelines, compliance status, and policies and procedures.
- Other duties as assigned
- 3-7 years' experience in privacy regulations (e.g. GDPR, HIPAA, CCPA, PIPEDA, etc.) and demonstrable experience in the interpretation of and compliance with such regulations in a complex business environment.
- 3-7 years' experience in IT or Audit, including specialization in IT Security and/or a combination of IT Compliance, IT Audit, and Information Security
- Five (5) years' experience managing IT Compliance programs and monitoring, with specific emphasis on NIST/ISO/HIPAA/PCI/SSAE-18 related requirements.
- Subject matter expertise with security and compliance lifecycles and industry frameworks, standards, and guidelines (NIST, FISMA, ISO, COBIT, ITIL)
- Experience and expertise in the development, execution, and maintenance of HITRUST compliance or equivalent HIPAA experience.
- Bachelor's degree in Computer/Information Science (or related BS degree).
- Must be able to build and leverage internal and external relationships, facilitate decisions and results at all levels of the enterprise, and drive strategies and projects to solution.
- Ability to manage a wide range of compliance issues relating to information security; coordinate remediation efforts throughout the enterprise; and analyze risks and implement mitigation actions.
- Demonstrated analytical and problem-solving skills applied to both technical and business challenges.
- Knowledge of applicable practices and laws relating to data privacy and protection.
- Knowledge of basic software programming paradigms and best practices inclusive of, but not limited to, Privacy by Design and OWASP.
- General knowledge of hardware systems and architectures, both traditional data center and public-cloud.
- Familiarity with the SDLC operational lifecycle.
- Ability to relate regulatory or framework requirements to multiple parties, including both hardware and software engineering staff.
- Project management experience.
- Experience in strategic planning, budgeting, consulting, and general industry experience.
- Proficient ability to react to high-pressure, dynamically changing environments.
- Proficient ability to effectively utilize resources throughout the organization as well as external vendors.
- Demonstrated effective leadership and communication skills.
- Experience working in a team-oriented, collaborative environment.
- Demonstrated results orientation, initiative, attention to detail, and customer service orientation.
- Excellent written, verbal and presentation communication skills
- Obtained, or demonstrates an active pursuit of, one or more of the following certifications: CISM, CISA, CGEIT, CRISC, Project Management Professional (PMP) or other related certifications.
- 3-5 years' Project Management experience, including participation in full life cycle project implementations (from scoping/planning, requirements gathering, design, development, testing, launch and support).
This position will work with confidential and proprietary information that requires a signed Employee Non-Disclosure Agreement upon hire.
**This role is remote. All CareerBuilder teams are currently remote due to COVID-19. When it is safe to return to the office, those teams will transition back to the office.**