Security Risk and Compliance Management Specialist III

Cyber Security | San Antonio, Texas / Austin, Texas


Description

Position Overview

We are seeking a Security Risk and Compliance Management Specialist III to join our team in San Antonio or Austin, Texas!

In this role you will act as an advocate in the development of overall information security programs globally. You will create and perform global IT Risk and Compliance assessments. Additionally, you will assist in the development and execution of information security, compliance, and risk best practices globally through audits, assessments, and policy-making.

Primary Responsibilities

What You'll Do:

  • Collaborates across the organization to execute and mature the Risk Assessment process, including developing all necessary charters, processes, methodologies, and reports.
  • Participates in cross-functional workgroups and planning meetings to promote ideal solutions that meet the objectives of both the business and the IT Risk, Compliance, and Information Security team. Where ideal solutions cannot be found, identifies and reports enterprise-level risks and failures to management for escalation.
  • Promotes sharing of expertise through consulting, presentation, and documentation. 
  • Assists in training other Information Security, IT Risk, and compliance staff. 
  • Communicates the value of IT Risk, Compliance, and Information Security within the organization. 
  • Continuously validates the organization against additional mandates, as developed, to ensure full compliance. 
  • Coordinates cross-functionally to ensure a holistic approach to security and compliance across the organization. 
  • Evaluates, monitors, and ensures compliance with IT Risk and Information Security policies, standards, guidelines and relevant legal and regulatory requirements. 
  • Supports business partners where necessary in dealing with current and prospective clients. 
  • Conducts IT Risk and Information Security due diligence activities relative to vendors and third parties. 
  • Conducts risk assessments and documents findings where the deviation from an information security or IT Risk policy or standard is desired. 
  • Creates risk remediation plans with business owners and follows through in the implementation of changes.
  • Conducts annual audits for industry-specific reports, including PCI, ISO27001, SOC1, SOC2, SOC3, SOX, and CDSA.
  • Documents findings where deviations exist through internal or external testing. 
  • Develops internal control testing and documented processes. 
  • Updates internal control matrices where necessary to support annual changing environments. 
  • Adapts and creates processes as applicable, including changes in processes or reporting metrics.
  • Executes as the conduit between internal control owners and external auditors, including kickoff meetings, interview requests, closing meetings, and evidence gathering.
  • Executes internal customer audits, which include scheduling, presentation of the Rackspace compliance portfolio, and overseeing the successful visit in conjunction with Account Managers.

An ideal candidate will have:

  • Excellent written and verbal communication skills. 
  • Ability to communicate with all levels of the organization.
  • Aptitude to develop and maintain internal and external business relationships and to leverage those relationships in pursuit of goals and responsibilities. 
  • Excellent analytical skills to analyze and evaluate technical information. 
  • Strong knowledge of application and system vulnerabilities and exposures. 
  • Knowledge of basic system, network, and operating system hardening techniques. 
  • Excellent knowledge of Information Assurance (IA) principles and tenets (confidentiality, integrity, availability, authentication, non-repudiation). 
  • Strong knowledge of network architecture concepts including topology, protocols, and components. 
  • Knowledge of network communication protocols and directory services. 
  • Knowledge of network security architecture and its associated risks.
  • Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems. 
  • Strong knowledge of security policies and practices, including ISO 27001 and Payment Card Industry (PCI). 
  • Ability to work independently on tasks and take ownership of projects. 

Minimum Qualifications

  • High school diploma or equivalent required. Bachelor's degree in Computer Science/Computer Studies/Information Technology/Information Security or a related field is required. Experience may substitute for education at 1 year of experience for 1 year of education.
  • Minimum of 6 years of practical information security experience in developing and maintaining secure architectures for large enterprises is preferred, including three years in a Rackspace-type environment. 
  • Security+, Network+, Project+, and CISSP professional certifications preferred.
  • CRISC, ISSEP, GCED, GCIA, and CISA certifications preferred.