
  Spokane Jobs Hub  


Director, Cybersecurity Audit and Compliance


This is a Full-time position in Spokane, WA posted September 7, 2021.

Job Description and Responsibilities

This hands-on leadership position will serve as part of Visa's Cybersecurity Audit and Compliance (A&C) function within the Cybersecurity Governance Risk and Compliance (GRC) team, reporting to Sr. Director, providing oversight, coordination, and delivering the activities that support successful internal audits, external audits and compliance, regulatory activities, and external customer/client requests.

This role will assist with validating the ongoing effectiveness of Cybersecurity controls across Visa (both automated and manual), working with technology/business control owners across the Visa organization, evaluating control design and standards in a variety of program areas with focus and expertise in PCI standards (DSS, PIN, P2PE).

In addition, this role will support the Cybersecurity Policy and Awareness Program, helping drive policy strategy and cyber-awareness content development, and maintaining active engagement with senior SME, risk, and business stakeholders across the enterprise to advance program initiatives.

The successful candidate will be a thought leader, able to craft compelling narratives, crisp arguments, and communicate with executive presence but also be strong on execution to effectively balance the individual elements of each of these activities.

Essential Functions

- Focus on PCI readiness (controls advisory/assessment) and support for annual PCI reviews across existing and new Visa entities.
- Support Cybersecurity Policy and Awareness Team by:
  - Evolving Cybersecurity policy frameworks, controls enforcement and enhancement
  - Assisting on various Policy Team initiatives
  - Developing and editing content for Cybersecurity Awareness & Training Program
- Participate in facilitating audits, compliance, and regulatory activities, including, but not limited to: FFIEC, GLBA, SSAE16/ISAE3402, Sarbanes-Oxley (SOX), Internal Audit, & Customer/Client Inquiry using knowledge of the information security, financial, and/or technology regulatory environment and risk management practices
- Work collaboratively with corporate compliance, internal audit, enterprise risk management, regulatory risk and various technical teams in the design and implementation of audit, regulatory, and compliance practices for Information Security
- Promote proactive readiness activities and enhancement of Information Security-based internal controls to support future internal and external reviews
- Develop data points into Information Security risk management reporting activities, including dashboards, metrics, and executive reporting content
- Advise Cybersecurity leadership on the status of technology risk and compliance issues based on assessment results and information from various monitoring and control systems/activities.

Qualifications

Basic Qualifications:

Bachelor’s degree in Computer Science, Information Systems, Management Information Systems, or Business Administration or another related field.

Significant and relevant technical experience meeting the job description may be substituted for degree requirements.

6-12 years of leadership experience in Information Security, Audit, Risk, and/or Compliance.

Open to experience in other relevant fields (i.e., finance, business administration, information technology, etc.) as long as candidate can demonstrate relevancy to this Information Security based role.

6 years direct participation and experience across common industry security policy areas, including, but not limited to PCI-DSS, ISO, NIST, COSO, COBIT, FFIEC, SOX, SSAE16/ISAE3402, SOC 2 and others.

Candidates with experience in Audit/Compliance/Regulatory discussions and proactive readiness activities in a large global financial institution or a matrix organization preferred.

Preferred Qualifications

Broad and deep experience across PCI standards (DSS, PIN, P2PE, Token etc.) with the ability to apply the standards with confidence across different organizational contexts.

Experience of applying industry policy knowledge to support the creation of Company Information security policy / standards development.

Proven experience working with multiple individuals on internal and external delivery and communication initiatives.

Ability to synthesize a variety of data points, problem solve, and formulate comprehensive and effective execution and risk mitigation plans.

Strong executive presence and exceptional communication skills – experience in Audit/Compliance/Regulatory discussions and proactive readiness activities with internal partners and external customers/clients.

Experience in designing and developing an effective security education and awareness program, including skills such as content writing, strong editorial capability, and delivery of multi-media content, and/or instructional design.

Ability to influence beyond immediate team and with those of more experience / seniority.

Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines.

Excellent Data Analysis skills using Microsoft Excel, SQL, or other scripting languages.

CISSP, CISA, CISM, PCI QSA/ISA Certifications preferred.
