S K Finance - Manager - Cyber Security & IT @ Fidelity National

Job Description

Job Description : Manager Cyber Security & IT Compliance Position : Manager Cyber Security & IT Compliance Employment Type : Full Time Place : & Qualification : Responsibilities The Manager IS Compliance will create, maintain, and make recommendations to improve and implement improved processes and procedures to ensure compliance with RBI and industry. Establish and implement processes and procedures for auditing the correct application of automated Identity and Access Management. Actively coordinate and manage all external technology audits, coordinate any remediation actions and provide IT management communication of status on remediation action items. Ensure compliance with any applicable information security standards and regulations. Effectively manage internal and external auditor requests. Perform user access reviews and ensure respective any remediation is performed in a timely manner. Perform the periodic compliance tests necessary to demonstrate compliance. with applicable laws, regulations and standards such as SOX, PCI, CPRA, GDPR. Ensure timely delivery of completed of Sarbanes-Oxley required user access reviews, with respective remediation to IT Security Management. Prepare for the annual PCI audit by maintaining/updating the master inventory of PCI controls. Perform Vendor Security Assessments utilizing One Trust and other 3rd party cyber security evaluation tools. Consult with project teams on PCI requirements as they relate to system changes, product reviews, contracts, and RFP responses. Schedule quarterly PCI scans and annual Internal and External Penetration Tests, and work with technical teams to ensure that Medium and High-Risk Vulnerabilities are addressed. Schedule and coordinate yearly PCI Audit so that the PCI Auditor has access to people and resources necessary to perform the review. Prepare for both Internal and External SOX audits by maintaining/updating the master inventory of SOX controls. Consult with project teams on SOX regulatory requirements as they relate to system changes. Assess Business Process to ensure that they are SOX compliant. Ensure that issues associated with processes or applications are mitigated with appropriate controls. Analyze access requests for potential data privacy issues, segregation-of-duties conflicts, and prepare relevant access forms. Act as liaison between Auditors and Technical teams by coordinating requests for information and by coordinating responses to any observations. Assist in the creation and maintenance of a compliance, privacy and security training curriculum for the IT department and general employee groups. Evaluate and select appropriate training materials. Create and evaluate testing measures that demonstrate understanding and application of the training material. Work with IT Security to create valid measures of compliance with privacy and security best practices. Maintain and suggest areas of improvement for IT Change Management. Create, maintain and communicate appropriate metrics which demonstrate compliance with IT Change Management processes and procedures. Create, maintain and report results of internal IT audits of the processes and procedures used in IT related to the correct provisioning and use of technology systems and protections. Create, maintain and communicate appropriate metrics which demonstrate compliance with provisioning, protection and use of technology systems. May perform other responsibilities as assigned. Responsibilities and duties may change when circumstances dictate (e.g., emergencies change in workload, rush jobs or technical : Bachelor's degree or equivalent experience in Computer Science, Information Systems or similar field Advanced degree preferred 5+ years" experience CISA (Certified Information Systems Auditor) Required CISSP (Certified Information Systems Security Professional) Required GIAC Ethical Hacker Preferred GRC certifications Preferred Experience working with diverse security auditing products and methodologies (Vulnerability Scanning, Penetration Testing, Application testing, security compliance testing). Experience in the analysis, development and implementation of policies, processes and controls. Experience with Access Control, Privacy & Compliance requirements. Experience collaborating with auditors to demonstrate compliance with internal and external standards. Experience/Knowledge with network security concepts such as Firewalls, IPS, VPN, Advanced Threat Protection, and Proper Network Segmentation. Experience/Knowledge in the following areas : Microsoft Active Directory, Microsoft Azure, Security Concepts, eDiscovery, Encryption, Identity Management, Log Management, Risk Assessment, and security principles/best practices. Work with technology teams through the daily management of compliance tasks, including identity management, compliance management, vulnerability management, change management, reporting, and audit facilitation. Ability to use or develop appropriate reports. Build strong working relationships within business units to aid in compliance and privacy adherence. Exceptional written and verbal communication skills, with ability to explain complex technical problems to wide range of vendors and coworkers. Able to think analytically, work independently, and make decisions objectively. Ability to analyze and interpret the applicability of local and federal laws/regulations to company operations. Security mindset. Zero trust is the foundation of security. Strong ability to develop ad-hoc reports. Build strong working relationships within business units to enhance results-oriented client service focus. Reviews security violation reports and investigates possible security exceptions. Adept at testing and learning new technologies. Intermediate to advanced proficiency level utilizing Microsoft Office including Excel, Access, Word, Outlook, Visio, and Project. (ref:hirist.com

Employement Category:

Employement Type: Full time
Industry: NBFC ( Non Banking Financial Services )
Role Category: General / Other Software
Functional Area: Not Applicable
Role/Responsibilies: S K Finance - Manager - Cyber Security & IT

+ View Contact

Keyskills:   Cyber Security IT Compliance Identity Access Management Information Security SOX Penetration Testing Change Management Vulnerability Scanning Application Testing Access Control Network Security Firewalls VPN Microsoft Azure Encryption Identity Management Log Management Risk Assessment GRC CISA CISSP PCI CPRA GDPR Vendor Security Assessments Privacy Compliance IPS Advanced Threat Protection Network Segmentation Microsoft Active Directory eDiscovery Security Principles GIAC Ethical Hacker