Manager, Information Security CX

NICE Systems

  • Sandy, UT
  • Permanent
  • Full-time
  • 1 month ago
Manager IT Security Compliance

Location: Salt Lake City, UT

The Manager IT Security Compliance will work with the Director of GRC and is responsible for leading efforts within the IT Audit and Compliance Team. Provides technical expertise in all aspects of enterprise information security compliance for all applicable regulations. This position will audit, create, coordinate projects, documentation, presentations, and processes designed to ensure compliance with information security standards and regulations including PCI DSS, ISO 27000, FedRAMP, SOC 2, and GDPR.

This position will lead a team of IT audit and compliance professionals, both onshore and offshore, and be responsible for the continued expansion and career growth of the team members. In addition, this role is responsible for the risk identification, certification, analysis and response of processes, infrastructure, applications, vendors and other assets supporting business goals.

Major Functions/Responsibilities:
  • Develop and support internal audits of internal processes and best practices to ensure compliance with security standards and regulations.
  • Develop and oversee information security risk and compliance strategies that align with business goals and protect the confidentiality, integrity and availability of information assets.
  • Works closely with operations, engineering, and legal teams to assess contractually proposed terms and conditions for partners, customers, and vendors, aligning with appropriate risk profile and providing feedback on changes needed.
  • In cooperation with the organizational PMO, prepare and manage project plans, including work breakdown, obtaining resources, collaboratively resolving escalated issues, and monitoring schedules to achieve timely deliverables, on-budget.
  • Lead members within the Auditing and Compliance team under the Director of Trust in assessing risk, developing appropriate controls and advising on creation of action plans to address gaps.
  • Work with 3rd party auditors to assess information security and compensating controls while developing compliance strategies for continuous auditing adherence standards and programs.
  • Recommend, implement, and maintain technical and procedural controls to provide regulatory compliance in the most reasonable and cost-effective manner.
  • Manage the work of the IT Security Auditing and Compliance team responsible for monitoring and implementing Information Security and Risk and Compliance Management frameworks, policies, standards and best practices.
  • Establish auditing procedures to adhere to and sustain regulatory compliance standards.
  • Draft and publish Auditing and Compliance policies, to include continuous compliance testing internally with approved and scheduled external auditing.
  • Support and coordinate internal and external audits for the areas of Information Security Compliance and Risk Management.
  • Maintain Information Security Risk Management & Compliance data repositories.
  • Work with Marketing to design and produce Information Security and Trust Office materials.
  • Oversee the Security Vendor Management Program to ensure 3rd party relationships are managed according to best practice.
  • Maintain the highest level of personal certification, integrity and objectivity, following the company Code of Ethics and Nice CXone policies and procedures at all times.
Required Education, Experience, and Specific Job Related Skills

Education Requirement:
  • Bachelor's degree in Business Information Systems, Computer Science, Information Systems Security or related field or equivalent work experience required.
Experience Requirements:
  • 6+ years of audit experience.
  • 3+ years in or with information security or security principles.
  • Experience conducting PCI DSS, SOC 2, ISO 27000, and/or FedRAMP audits across enterprise organizations.
  • Demonstrate strong knowledge in IT controls, risk assessments, and the design and testing of security measures.
  • Excellent skills in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology.
  • Experience engaging executive-level leadership and stakeholders to establish strategic plans for programs and projects.
  • Strong writing and verbal aptitude.
  • Good organization and project management skills.
  • Advanced computer skills in desktop applications.
  • Demonstrates a strong ability to work with, define, and negotiate goals between teams and groups that may not be in the same department.
  • Knowledge of internal control concepts and related test of control techniques. Includes security and operation controls, as well as knowledge of a major recognized control framework.
  • The attributes of a qualified candidate are a rational skepticism, a sense of risk appreciation, technical awareness, informed judgment and a strong operational understanding.
Experience Preferred:
  • Certification in security compliance or related field (one or more preferred):
      • Certified Information Systems Auditor (CISA)
      • Certified in Risk and Information Systems Control (CRISC)
      • Certified Internal Auditor (CIA)
      • Certified Information Security Manager (CISM)
      • Certified Information Systems Security Professional (CISSP)
      • NIST Cybersecurity Framework Certification
  • Experience managing IT internal audit and compliance teams within organizations.
  • Strong understanding of database and software technologies.
  • Strong understanding of SaaS and Contact Center/Telecommunication services.
  • Experience working with off-shore staff.
