Sr. IT Compliance Specialist-IND Job in Ingram Micro

Job Summary

Job Description

Position at Ingram Micro

INDIA JOB PROFILE NAME: Sr. IT Compliance Specialist-IND

JOB CODE

INDIA: 894046IND

MANAGEMENT LEVEL

JOB GRADE

INDIA: 8

BUSINESS TITLE: Sr IS Compliance Specialist

GRADE PROFILE: TBD by Location

JOB FAMILY GROUP>JOB FAMILY>DISCIPLINE:

Information Technology>IT Security>Information Security

LOCATION/CITY/COUNTRY: India

REPORTS TO: Manager, IT Compliance

TIME TYPE: FT

TARGET TEAM SIZE: 0

PREPARED BY: Madhur Sharma and Suzanne Levin Herrera

POSITIONS REPORTING TO THIS POSITION: N/A

DATE PREPARED: Finalized April 15, 2020

JOB FAMILY SUMMARY

Design, install, manage, and implement business plans, policies and procedures to maintain systems, network, database and/or Web security; develop, implement, and maintain information security, including access management, vulnerability assessments, penetration testing, infrastructure, and regulatory compliance; responsible for reporting, investigation, and resolution of data security incidents; analyze business needs and oversee security architecture, administration, and policy planning to lessen possibility of security breach; recommend enhancements to plug potential security gaps. Prevent IT-based crime, hacking, intentional or inadvertent modification, disclosure, or destruction to an organization's information systems and IT assets and intellectual property including: Designing, testing, and implementing secure operating systems, networks, and databases; Password auditing, network based and Web application based vulnerability scanning, virus management, and intrusion detection; Conducting risk audits and assessments, providing recommendations for application design. Monitoring and analyzing system access logs; Planning for security backup. Provide guidance and direction on best practices for the protection of information; ensure compliance with regulations and privacy laws. May oversee internal or external systems security (e.g., cloud services).

SPECIFIC JOB SUMMARY DESCRIPTION

Position Summary

The Sr. IS Compliance Specialist is responsible for performing, or leading, complex and/or significant compliance reviews within IT audits, including network, internet, applications, telecommunications, security administration, and contingency planning. Assesses risks, develops detailed audit/compliance programs, executes audit/compliance program steps, analyses results and effectively communicates results to senior management.

On a primarily independent basis, this position supports global activities as they relate to IS compliance including PCI, ISO 27001, Financial Regulations, Statutory Audits, customer commitment obligations such as SOC1 and SOC2 attestation, Internal and External Auditor liaison support and management documentation / reporting. This support will be accomplished by reviewing existing processes, identifying improvement activities and recommending control improvements and/or efficiencies.

Responsibilities

IS Compliance

  • Plans and conducts complex IS and integrated audit/compliance projects, including preparation of an objective risk-based assessment and an effective audit/compliance approach.
  • Leads and/or participates in audit/compliance of Applications, Enterprise Security and IT General Controls for compliance with policies and procedures.
  • Manages and supports Global IS compliance to security frameworks and standards as they relate to PCI, ISO 27001, SOC1, SOC2 and Regulatory requirements for auditing, reporting and remediation where appropriate
  • Works with internal and external stakeholders to assess the IT architecture or proposed IT architecture solutions to identify the risk areas with regards to PCI controls.
  • Assesses the network architecture and/or reviews the firewall rulesets and network devices/appliances to see if they are aligned with the PCI control requirements, and recommends compensatory controls where necessary.
  • Executes operational activities to support audit and compliance activities including technical validation processes.
  • Conducts PCI DSS scoping engagements, gap analysis and assessments related to securing the Cardholder Data Environment:
    • Collects information and business workflows
    • Executes collection of evidence to support compliance status
    • Consults with internal clients to help them understand our findings and their remediation options
    • Is a liaison for Internet Audit activities, reporting and escalations
    • Manages escalation and enforcement for unresolved noncompliance issues
    • Manages status of global PCI requirements and status
    • Manages monthly, quarterly self-assessment of global IS and reporting
    • Provides and presents reporting including monthly metric delivery
  • Creates professional reports tailored to each client that detail assessment findings and include a roadmap of practical, actionable steps for improving their security posture and achieving compliance
  • Provides engagement with PCI Brands, 3rd party QSAs as necessary, which can include 3rd party devices, service providers and middleware applications.
  • Supports/participates and performs the due diligence and security compliance validation with 3rd party IT solution providers.
  • Manages response and status to external reporting for financial compliance in relation to PCI
  • Manages and supports External Audit activities and reporting.
  • Provides presales and scoping assistance as needed
  • Manages the project with timelines, efforts, meeting minutes, and tracks it until the completion.
  • Supports and enforces Information Security Policy, Standards, and Guidelines for business operations and technology implementations
  • Works with Information Security staff to ensure tools and reporting mechanisms are satisfactorily meeting PCI objectives.
  • Maintains strong working relationships with internal and external support teams including Global, Regional and Country IS associates
  • Works on special projects as required by management
  • Stays abreast of changes within the IS compliance areas including business change requirements and regulatory changes from an international perspective
  • Experience completing PCI DSS Reports on Compliance (ROCs) - strongly preferred
  • Has familiarity and experience with a variety of security products and technologies - for example, network firewalls, web application firewalls, antivirus solutions, Data Loss Prevention products, and encryption technologies.

Process Improvement and Associate Success

  • Performs value-added business process assessments of internal controls, systems, processes, and financial reporting, and identifies opportunities for improvement and efficiencies.
  • Actively looks for opportunities to develop new ideas to positively impact existing methods, services, or products.
  • Targets performance improvements while analysing systems and processes.
  • Understands, analyses, and documents cost/benefit analysis where appropriate.
  • Actively accepts individual and team responsibilities and meets commitments. Takes responsibility for own performance and actions and demonstrates responsibility and teamwork towards overall team/department goals.
  • Actively mentors and assists other IS personnel on topics related to IS security
  • Effectively multi-tasks on multiple assignments and deliverables.
  • Takes and exhibits initiative to further develop technical and professional skills, by attending training and/or willingness to learn new systems or technologies in use by the Information Systems department.
  • Possesses understanding of Ingram Micro's business including knowledge of department names and business processes conducted by each, company global organization, and key customer and vendor segments.

Education and Technical Expertise

  • A Bachelor's degree in Computer Science, Engineering, or related Science and Math discipline with an IS or Business emphasis is required.
  • 5 years or more relevant experience in a global information technology environment with a background in auditing and process support
  • Strong knowledge in commercial or in-house developed eCommerce applications, ERP applications including SAP, Oracle, Payment Devices and/or solutions.
  • Information Security background including an understanding of the basic security best practices, standards and methodologies
  • Possess strong understanding of information systems and networking diagrams
  • Experience evaluating the security infrastructure for large enterprise merchants or service providers
  • Working knowledge of the financial industry and the lifecycle of payment card transactions
  • Working experience with software development methodologies and practices
  • Working knowledge of audit methodologies and security assessment tools
  • Methodical and organized; able to manage multiple opportunities, projects, and partners concurrently
  • Excellent written and oral communication skills, can express thoughts clearly, knows how to listen and is able to contribute in a team environment
  • IT technical knowledge in support of compliance including Operating System, Database, Networking and Security technologies
  • Ability to formulate detailed technical documentation, remediation requirements
  • Relevant auditing and compliance certification (e.g. QSA, ISA, CISM, CISA, ISO 27001 Lead Auditor) preferred

Competencies

Experience Required :

Fresher

Vacancy :

2 - 4 Hires
