Role Overview:
This position is a full-time, hands-on role reporting to the Director of Information Security. Its primary purpose is to facilitate the transition to PCI DSS v4.0 and ISO 27001:2022 and to achieve compliance with the Sarbanes-Oxley Act (SOX). The role is responsible for designing, implementing, and maintaining effective governance processes and controls, collaborating with cross-functional teams, and ensuring that the organization's Information Security program aligns with these regulatory and compliance frameworks.
Main Duties:
PCI DSS 4.0 Compliance:
- Lead the efforts to achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS) version 4.0.
- Conduct gap assessments, remediation planning, and ongoing monitoring to ensure continuous compliance.
SOX Compliance:
- Oversee the implementation and maintenance of controls to meet the requirements of the Sarbanes-Oxley Act (SOX).
- Collaborate with financial, IT, and audit teams to ensure financial reporting integrity and compliance.
ISO 27001:2022 Transition:
- Drive the organization's transition to ISO 27001:2022 certification from the existing ISO 27001:2013 management system, including risk assessments, policy development, and process improvements.
- Collaborate with external auditors and certification bodies to achieve ISO 27001:2022 compliance.
Qualifications and Skills:
- Professional certifications such as CISSP, CISM, or CISA are highly desirable.
- Project management certifications (e.g., PMP, PRINCE2) and experience managing complex projects or programs.
- Proven experience in Information Security governance and compliance roles, including PCI DSS, SOX, and ISO 27001.
- Strong understanding of relevant regulatory requirements and industry standards.
- Excellent communication, leadership, and interpersonal skills.
- Experience working with cross-functional teams and managing security initiatives.
- Strong analytical and problem-solving skills.
- Knowledge of risk management, incident response, and compliance frameworks.