Senior Professional, Information Security
The Senior Professional, Information Security resource will perform security assessments to ensure compliance with internal policies, controls, and standards, as well as client and regulatory security requirements. These assessments include reviewing technological, operational, and process controls to evaluate the design and implementation of security controls.
The individual will also assist in performing risk assessments and monitoring for adherence to customer requirements, ISO 27001 requirements, PCI DSS requirements, and other regulatory compliance requirements. Additionally, the individual will participate in PCI DSS audits, Service Organization Controls (SOC) audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance / regulatory audits occurring at the various Jamaica sites.
This position will be based in Kingston, Jamaica and will require travel to the other parishes in Jamaica, as needed. The position reports to the Information Security Manager, Jamaica. The role will interface closely with Service Delivery, other members of the global Information Security team, and other functions across Human Resources, Physical Security, Information Technology, and Facilities.
Assist with assessments of information security controls to measure the effectiveness of controls and identify control gaps
Identify, assess, and prioritize risks
Collect evidence and artifacts, and document findings to support conclusions
Report on compliance with internal policies, controls, and standards
Provide recommendations for remediation of identified deficiencies
Track and report on findings/deficiencies to closure
Participate in third-party risk assessments and audits, to include HIPAA audits, PCI DSS audits, Service Organization Controls (SOC) audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance / regulatory audits occurring at the Jamaica sites.
Track remediation efforts and report on the status of control deficiencies
Support information security investigations in the respective areas of responsibility
Support security initiatives and global policy adherence and awareness efforts in the areas of responsibility
Ensure that new client engagements, in the areas of responsibility, adhere to the required information security controls and policies
Enforce policy adherence and coordinate formal policy exception requests
Ensure compliance with standards and regulations such as ISO 27001, PCI DSS and national information security laws
Assist with identifying and documenting the contractual/client information security requirements
Respond to information security requests from various internal stakeholders in a timely manner
Provide timely updates on assessments and assigned projects
The individual must possess excellent oral and written communication skills with the ability to interact and communicate with technical personnel, non-technical personnel, and senior management. The individual must be proactive, flexible, and able to work independently, adjusting quickly to changing priorities and conditions. Must demonstrate strong leadership attributes as well as the innate ability to follow and be a supportive team member.
Education Requirements: Bachelor’s Degree in Computer Science, IT, Security, or related field
Experience Requirements: 4 to 8+ years of experience in IT Security, Risk & Compliance, or IT Audit. Experience and knowledge of information security concepts / principles and audit / risk assessment methodologies
Certification Requirements: CISA, CISM, CISSP certifications a plus
Job reposted on behalf of Sutherland Global.