Posted On: Jun 16, 2023
Location: Remote, IN
Company: Qualfon

Job Summary

The Director of Information Security is responsible for managing all risk, compliance and assurance activities for all offices within Qualfon. This position is aimed at managing the information security activities that pertain to Qualfon's global offices and includes conducting and managing internal audits and risk assessments, participating in external audits such as PCI-DSS and SOC2, identifying risks and responding to security incidents, ensuring compliance with relevant regulations, and driving continuous improvement in our information security practices.

The Director – Information Security (GRC) will have a global team reporting to him/her and will be the central point of contact for stakeholders on all security and privacy matters. He/she will be primarily responsible for translating business needs into security requirements.

MUST be able to support the US Eastern time zone.

Education

Minimum Requirements (Education Qualification):
Qualification Required: Bachelor's degree in computer science, information technology or another related major.
Certification Desired: CISA, CISM, CISSP, CRISC or similar.

Role Responsibilities

Act as the central point of contact for information security and data protection activities.
Lead, manage and improve the security risk, governance and data protection program for Qualfon's global offices.
Coordinate external audits such as SOC2 and PCI-DSS and manage customer assessments of Qualfon.
Develop a risk and compliance strategy in alignment with business requirements, objectives and metrics.
Translate legal, statutory and contractual obligations into a cohesive collection of processes and provide the respective stakeholders with compliance requirements and methodologies.
Use key business measurements to identify and drive process improvement opportunities for compliance and risk management.
Review and update security policies and standards on a regular basis to address new threats, industry practices, requirements and standards.
Coordinate regular system and network audits, reviews and tests to verify compliance with security policies and standards.
Monitor internal and external security advisories that affect security, risk and compliance requirements.
Support the implementation of security controls and recommend areas for risk reduction.
Support the RFP and contractual agreement process by assessing security requirements from potential customers.
Assist with and improve the security awareness program.
Assist with and improve governance activities.
Evaluate suspected security breaches, work with subject matter experts, and recommend corrective actions.
Align and provide security metrics to the Global Chief Information Security Officer on a periodic basis.
Review the data protection processes and controls implemented by various stakeholders.
Provide recommendations on implementing technical and process controls related to privacy.
Provide periodic reports to management on the effectiveness of the implemented controls and any gaps.

Other Skills and Experiences (Min)

Skills and Experience Required:
10-15 years of experience in information security, compliance, audit and/or risk management.
Sound knowledge of security legislation and industry standards such as SSAE16/SOC2, ISO 27001, PCI-DSS, HIPAA, etc. is desirable.
Knowledge of security issues, trends and best practices.
Familiarity with audit, business and segregation-of-duties risks and controls.
Ability to foresee risks and identify mitigation strategies for them.
5+ years of applicable experience working in enterprise risk management, including risk management frameworks, concepts and methodologies.
5+ years of experience with internal controls and performing risk assessments.
Proficiency in interfacing with business leaders at various levels, including middle and senior management.