Job Information
CGT Staffing Information Security - Compliance Manager in Pittsburgh, Pennsylvania
Information Security Compliance Manager
Direct Hire
Hybrid Schedule
Qualifications:
- Bachelor's degree in information technology, computer science, or a related field.
- Minimum of 5 years of relevant experience
- Relevant certifications such as CISA, CISSP or CRISC
- Experience in conducting compliance assessments and audits.
- Experience in IT compliance, risk management, or related roles.
- Expertise in IT processes, controls, and security best practices.
- Solid understanding of IT compliance frameworks, regulations, and industry standards such as GDPR, HIPAA, COBIT, ITIL, PCI-DSS, ISO 27001, and NIST Cybersecurity Framework.
- Strong understanding of security controls and their implementation across different IT domains.
- Familiarity with vulnerability management, access management, change management, and incident response processes.
- Proficiency in risk assessment methodologies and tools.
- Knowledge of secure coding practices and application security concepts.
- Understanding of network security architecture, protocols, and configurations.
- Familiarity with cloud security concepts and technologies.
- Understanding of encryption technologies and cryptographic protocols.
- Experience using compliance management and GRC (Governance, Risk, and Compliance) tools.
- Ability to analyze complex compliance issues, assess risks, and provide effective solutions.
Primary Responsibilities:
- Provide leadership to the information security team, setting clear goals, expectations, and performance standards.
- Provide ongoing training and professional development.
- Conduct regular performance evaluations, provide constructive feedback, and recognize outstanding contributions.
- Address performance issues promptly and fairly, implementing corrective actions as needed to maintain a high-performing team.
- Promote knowledge sharing and collaboration within the information security team and across the organization.
- Facilitate the exchange of best practices, lessons learned, and emerging trends in cybersecurity to enhance overall security posture.
- Recruit, onboard, mentor, and train new members of the information security team, ensuring they have the necessary skills and knowledge to excel in their roles.
- Develop and implement succession plans to ensure continuity of leadership and talent within the information security team.
- Identify high-potential team members and provide opportunities for career advancement and leadership development.
Compliance Program Development:
- Lead the development and implementation of the IT compliance program, including policies, procedures, and controls.
- Stay current on relevant laws, regulations, and industry standards. Provide informed recommendations to ensure ongoing compliance.
- Collaborate with stakeholders to identify compliance requirements and integrate them into IT processes and systems.
Compliance Assessments and Audits:
- Conduct regular (at least annual) internal assessments and audits to evaluate IT systems, processes, and controls for compliance with regulatory requirements and internal policies.
- Manage and continually improve the organization's response to external audits and assessments, ensuring timely and accurate responses to audit requests.
- Develop standardized responses to external information security audit, assessment, and due diligence questionnaires and requests, ensuring efficient and timely responses to external stakeholders.
- Develop, organize, and maintain the documentation and other assets required to demonstrate control implementation and effectiveness on an ongoing basis. Collaborate with internal stakeholders as needed to support this activity.
- Identify control deficiencies, recommend remediation actions, and monitor the implementation of corrective measures.
Policy and Procedure Development:
- Collaborating with relevant stakeholders, contribute to the development and maintenance of IT policies and procedures, ensuring they align with regulatory requirements and industry best practices.
- Communicate IT security policies and procedures to employees to promote awareness and compliance.
- Regularly review and update policies and procedures to reflect changes in regulations or business requirements, ensuring they remain up-to-date and relevant.
Third-Party Risk Management:
- Ensure compliance of third-party suppliers with applicable regulations and information security standards.
- Conduct due diligence assessments and ongoing monitoring of third-party compliance.
- Oversee team that will establish processes for monitoring and addressing non-compliance or security incidents involving third parties.
- Assess and manage the risks associated with third-party relationships, including information security risks and data privacy risks.
- Collaborate with procurement and legal teams to ensure compliance requirements are incorporated into vendor contracts and service level agreements.
Compliance Monitoring and Reporting:
- Oversee team that will establish processes to track compliance with IT policies, standards, and controls.
- Provide updates to senior management on the organization's compliance posture and remediation efforts. Communicate areas of non-compliance, potential risks, and recommended actions.
Compliance Training and Awareness:
- Oversee team to help develop and deliver IT compliance training programs to educate employees on regulatory requirements, industry standards, and best practices.
- Stay informed about emerging compliance trends and technologies and provide recommendations for continuous improvement.
- Promote a culture of compliance and security across the organization.
- Provide guidance to business units on compliance-related matters.
IT Controls Assessment and Risk Management:
- Evaluate the design and effectiveness of IT controls to mitigate risks and ensure compliance.
- Assist in the development and implementation of risk management frameworks and methodologies.
- Collaborate with IT teams to identify and remediate control gaps or weaknesses.