Security Risk and Compliance Management Specialist II

Cybersecurity | San Antonio, Texas / Remote, United States


We are seeking a Security Risk and Compliance Management Specialist II to join us at our headquarters in San Antonio, Texas or Work From Home!

PRIMARY RESPONSIBILITY:  Acts as an advocate in development of overall information security program globally. Creates and performs global IT Risk and Compliance assessments. Assists in development and execution of information security, compliance, and risk best practices globally through audits, assessments, and policy-making.

KNOWLEDGE/SKILLS/ABILITY: Strong written and verbal communication skills. Able to communicate with all levels of the organization. Aptitude to develop and maintain internal and external business relationships and to leverage those relationships in pursuit of goals and responsibilities. Strong analytical skills to analyze and evaluate technical information. Moderate knowledge of application and system vulnerabilities and exposures. Knowledge of basic system, network, and operating system hardening techniques. Strong knowledge of Information Assurance (IA) principles and tenets (confidentiality, integrity, availability, authentication, non-repudiation). Moderate knowledge of network architecture concepts including topology, protocols, and components. Knowledge of network communication protocols and directory services. Knowledge of network security architecture and its associated risks. Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems. Moderate knowledge of security policies and practices, including ISO 27001 and Payment Card Industry (PCI). Ability to work independently on tasks and take ownership of projects. May receive detailed instructions on assignments, but is comfortable with independent decision making.

JOB COMPLEXITY: Collaborates across the organization to execute and mature the Risk Assessment process, including following established procedures for processes, methodologies, and reports. Participates in cross-functional workgroups and planning meetings to promote ideal solutions that meet the objectives of both the business and the IT Risk, Compliance, and Information Security team. Where ideal solutions cannot be found, escalates control failures and enterprise-level risks to management.

Risk: Conducts IT Risk and Information Security due diligence activities relative to vendors and third parties. Conducts risk assessments and documents findings where the deviation from an information security or IT Risk policy or standard is desired. Communicates the value of Compliance, IT Risk, and Information Security within the team.

Compliance: Assists in annual audits for industry-specific reports, including PCI, ISO 27001, SOC1, SOC2, SOC3, SOX, and CDSA. Documents findings where deviations exist through internal or external testing. Executes internal control testing according to documented processes. Promotes sharing of expertise through consulting, presentation, and documentation. Executes cross-functionally to ensure a holistic approach to security and compliance across the organization. Executes established compliance processes with IT and Information Security policies, standards, guidelines, and relevant legal and regulatory requirements. Assists in updating internal control matrices where necessary to reflect the changing environment each year. Supports business partners where necessary in dealing with current and prospective clients. Assists teammates in coordinating between internal control owners and external auditors, including kickoff meetings, interview requests, closing meetings, and evidence gathering. Assists in internal customer audits, which include scheduling, presentation of the Rackspace compliance portfolio, and overseeing the successful visit in conjunction with Account Managers. Continuously validates the organization against additional mandates, as developed, to ensure full compliance. Helps to create risk remediation plans with business owners and follows through on the implementation of changes.

SUPERVISION: General instruction on routine tasks, detailed instruction on new tasks.

EXPERIENCE/EDUCATION: High school diploma or equivalent required. Bachelor's degree in Computer Science/Computer Studies/Information Technology/Information Security or a related field is preferred. Experience may substitute for the degree at 1 year of experience for 1 year of education. Minimum of 2-4 years of practical information security experience in developing and maintaining secure architectures for large enterprises is preferred, including 1-2 years in a Rackspace-type environment. CISA, Security+, Project+, and CISSP professional certifications preferred. Risk: CRISC.

PHYSICAL DEMANDS: General office environment. Moderate levels of stress may occur at times. May require long periods sitting and viewing a computer monitor. No special physical demands required. Schedule flexibility to include working a weekend day regularly and holidays as required by the business for 24/7 operations. Occasional travel, less than 10%.

POLICY COMPLIANCE: Responsible for adhering to company security policies and procedures and any other relevant policies and standards as directed.