Tirana, job offer: Security Manager, ISO 27001 and ISO 27002 certified



First
11.05.2013, 12:45
First is currently seeking a dynamic individual to become part of our IT team as an Information Security Manager.

Position Summary:
The Information Security Manager will focus on compliance for all First systems, applications, processes, controls & solutions. The Manager ensures that all information security controls are operating effectively, and that all non-compliant controls are documented and managed, including those requiring reporting to external groups such as Internal Audit and Ethics & Compliance. This role serves as the primary information security interface and knowledge support relative to Information Security Compliance. The Information Security Manager collaborates with control and finding owners to ensure that controls are operating effectively, or being effectively managed / remediated so that non-compliant controls are brought into compliance.

Duties and Responsibilities:

Audit Management: Central point of management for all internal and external information security audit engagements, findings, management responses; executive management briefings, reporting, tracking and attestations. Coordinate evidence collection and roadmap / date timelines within the Innovation Team to ensure compliance / audit adherence and/or mitigation.
Regulatory Management: Primary oversight and reporting, collaboration with corporate stakeholders, regulatory compliance and ongoing remediation efforts.
General Compliance: Utilize technology and processes to assess ongoing compliance across the full range of security controls.
Coordinate, execute and manage internal and external audit and planning engagements across the Innovation Group. Responsible for final management response to all audit findings. Provide ongoing summary reports and tracking remediation recommendations.
Compile and develop regulatory reports, controls and objectives for PCI, SOX, GLBA, FERPA, etc.; Responsible for ensuring attestations and IT/business responses and mitigations are incorporated and represented in accordance with business objectives and IT strategy; Publish reports for internal and external requirements as directed by Corporate Legal; Maintain roadmap and awareness for pending requirements and dependencies.
Act as the Information Security Officer (ISO) in owning and maintaining the information security program. Ensure the information security program addresses evolving security threats, scales appropriately with the business, and meets compliance requirements.
Oversee the evaluation and selection of new or replacement security solutions. Ensure that requirements are understood, and proposed solutions adequately meet those requirements. Build relationships with vendors, lead price negotiation efforts and ensure solutions are cost-effective.
Manage the operational information security team. Ensure the information security team efficiently accomplishes the following responsibilities:
Evaluate the First security posture through formal risk assessments and specific security-related audits. Drive remediation efforts to address high-risk areas.
Provide security expertise and analysis to other business functions, such as software development, architecture, project management, and audit.
Develop and maintain efficient metrics for measuring security control effectiveness and risk.


Requirements:
A Bachelor's degree in Computer Science or a related field, or equivalent experience is required.
A minimum of 7 years progressive experience in Governance, Risk and Compliance functions.
Working knowledge and experience of relevant standards, regulations, or legislative instruments, including:
• ISO 27001 and ISO 27002 standards for Information Security
• PCI DSS (Payment Card Industry Data Security Standard)
• SOX (Sarbanes-Oxley)
• GLBA (Gramm-Leach-Bliley Act)
Certifications such as CISA, GRCP, CISM, and CISSP are preferred.
Strong business analysis skills
Able to learn quickly, absorb and retain information, and apply knowledge when and where relevant
Self-motivated and able to work on own initiative with minimal guidance
Logical approach to problem solving and ability to prioritize work appropriately
Experience of managing a varied and heavy workload
Ability to prioritize work appropriately
Excellent interpersonal, written communication and presentation skills
Creative and innovative, yet pay close attention to detail
Strong team player


If interested, please send a CV (photo attached) to jobs27@first.al

Tel. : 22 53 974