
Data Privacy and Cyber Security Manager

Sigura

This is a Full-time position in Alpharetta, GA posted February 22, 2021.

    The Data Privacy and Cybersecurity Manager (DPCM) provides overall day-to-day and strategic leadership in the development, implementation, and maintenance of all enterprise security and compliance policies, processes, practices and systems, and all related services for all countries in which Sigura operates. The DPCM will be responsible for establishing a strategic roadmap for all key security and compliance platforms, building and managing Sigura’s privacy program, developing and maintaining privacy policies for internal use and a privacy statement for external use, and describing privacy requirements for business partners and service providers. Additionally, the DPCM will provide guidance to senior business leadership on the investment and actions required to maintain compliance, respond to specific customer requests, and maintain a secure posture in the environment. The DPCM will provide insight into emerging technologies and their application/value proposition to tactical and strategic business operations.

    The DPCM will be responsible for managing and developing an outsourced provider of IT Security Analysts, providing technical guidance and direction to other systems analysts and technicians on security and compliance, as well as providing technical guidance and direction to managed services providers and outside consultants/contractors. The DPCM acts as an internal consultant and primary subject matter expert for all IT risk and compliance related concerns.

    The DPCM will manage the design, implementation, operation, and evolution of Sigura’s enterprise-wide IT security risk management and compliance programs across the entire enterprise for all relevant IT compliance regimes (e.g. NIST, DERA, GDPR/CCPA). The DPCM will be responsible for developing and maintaining an enterprise security and compliance readiness posture through policy, architecture, and training processes. Additional tasks will include the selection of appropriate security and compliance solutions and oversight of any vulnerability audits and assessments driven by regulatory or contractual requirements.

    The DPCM will be the single point of contact for all customers on contractual compliance requests and issues, conducting customer risk assessments within customer-requested timelines, and managing and responding to customer audits. The DPCM will lead negotiations with customer auditors in the best interest of Sigura and develop all audit responses. The DPCM will also manage Sigura’s external security and compliance auditors.

    The DPCM conducts privacy risk assessments, focused on specific business processes or applications. He or she also identifies and suggests prioritization of privacy risk treatment for the organization, and determines how to maintain and improve adherence to regulatory requirements and corporate policies. The DPCM will craft privacy training and awareness programs, and set up a data breach response plan.

    The DPCM is expected to interface with peers in the IT Operations team and the Enterprise Application Development team, as well as with the leaders of the business units, both to share the corporate security and compliance vision and operational requirements with those individuals and to manage their involvement in achieving higher levels of enterprise security and compliance through information sharing and collaboration. The DPCM will be responsible for developing and maintaining project status for the critical security/compliance initiatives and for managing communication and follow-up actions with senior business leaders, including Board and Audit Committee members as requested.

    The DPCM will maintain enterprise-wide situational awareness of the IT risk and compliance landscape, and cultivate relationships with industry peers, internal and external auditors, and appropriate regulating bodies.

    Key Responsibilities:

    • In conjunction with the Global Head of IT, Directors, Managers and business leaders, develop an understanding of Sigura’s strategy and priorities.
    • Utilize this Sigura strategic knowledge, market knowledge and general business acumen to conceive and propose enterprise class solutions to meet current & future business demands.
    • Design, implement, maintain, and develop strategic thought-leadership for multiple information security disciplines such as security policy, awareness and education, risk management, electronic discovery, digital forensic investigations, incident response, vulnerability management, intrusion detection and prevention, regulatory compliance, and security operations.
    • Draft, review, and maintain information security and compliance policies, processes, and procedures.
    • Plan and prepare information security awareness and education materials and other documentation.
    • Determine and document information security requirements, controls, and standards necessary for the protection of information resources.
    • Implement and administer plans, processes, and procedures necessary to ensure compliance.
    • Lead customer engagements and interactions relative to all security and compliance inquiries, contract negotiations, risk assessments, and audits.
    • Develop and maintain an ongoing technical training program for staff.
    • Supervise other information security professionals and act as a senior consultant to internal and external stakeholders or auditors as well as senior management.
    • Act as enterprise Subject Matter Expert by providing guidance and assistance regarding information security matters such as the interpretation of information security policies and requirements or their applicability to particular situations.
    • Manage information security incident response activities, risk assessment and risk management activities, and vulnerability assessment and vulnerability management activities spanning multiple business units.
    • Manage detailed network, operating system, database, and application vulnerability assessments and security configuration audits.
    • Manage information security projects and initiatives.
    • Oversee operational tasks supporting information security functions such as intrusion detection and prevention, security event log analysis, management reporting, virus prevention and remediation, encryption, network segmentation, remote access, and authentication.
    • Manage, support, maintain, monitor, troubleshoot, and enhance security infrastructure tools, methodologies, software, and hardware.
    • Represent Information Security to other departments within the organization on information security and compliance-related matters, as assigned.
    • Perform related responsibilities as required.
    • Maintain, develop and implement Sigura’s privacy program and the resulting privacy policies, procedures and documentation for the processing of personal data in coordination with appropriate members of the organization (e.g., business process owners, legal, information security, risk management, and the ethics and compliance officers).
    • Devise and update policies and procedures for customers, employees and data breach incident responses, ensuring alignment with the actual implementation of personal data processing activities.
    • Monitor continuous adherence to the privacy program’s requirements.
    • Work to ensure the organization maintains the appropriate privacy and confidentiality consent procedures, authorization forms, and information notices.
    • Establish and work with a multidisciplinary team, including audit and risk, compliance, HR, legal, business process owners, IT, security and other internal stakeholders to ensure enterprise-wide coverage of the privacy discipline.
    • Work with procurement, vendor management and the legal department to ensure that third-party suppliers’ contracts and operating-level agreements meet [international] privacy requirements.
    • Implement and maintain an internal reporting mechanism for intended (new or changed) personal data processing activities, to which business unit/process owners must adhere.
    • Determine the enterprise’s specific privacy-related requirements and potential vulnerabilities.
    • Receive and manage internal reports from business stakeholders to maintain control over all project and innovative initiatives, including change management, to ensure timely attention for privacy bottlenecks and hiatuses.
    • Develop, improve and manage the privacy impact assessment process, in close collaboration with business stakeholders.
    • Conduct regular privacy policy compliance assessments to ensure that Sigura’s privacy policies are being adhered to.
    • Support the creation of an inventory that documents how and why Sigura collects, shares and uses personal data.
    • Continuously update and re-evaluate the extent to which customer and employee information is collected and shared internally and externally.
    • Monitor the data request and usage processes, purpose-based authorized use and prevention mechanisms’ effectiveness against unauthorized use, and cross-border data transfer matters for personal data across Sigura.
    • Maintain Sigura’s registry of all personal data stores and processing activities.
    • Influence Sigura’s retention program to facilitate deletion or anonymization of personal data that is no longer needed for identified purpose(s), and in accordance with applicable requirements.

    Key Requirements:

    • Bachelor’s degree in Computer Science, Management Information Systems, Business Management or related studies or equivalent work experience.
    • A minimum total of 10 years of experience in Information Systems/Technology, or related field with a minimum of 5 years in IT security management.
    • A minimum of 3 years of enterprise level management, portfolio/project management, or lead consulting experience.
    • A minimum of 2 years managing teams of 5 or more, including staff and/or contractors.
    • Demonstrated experience leading large-scale enterprise risk management and/or compliance management efforts in a complex and/or highly distributed environment.
    • Expert level knowledge of multiple compliance regimes (e.g. GDPR, CCPA, New York Shield, etc.), information security frameworks (NIST, ISO, COBIT, etc.) and IT risk management methodologies.
    • The ability to quantify the risks of different IT architectures, and then communicate to executives how to manage that risk.
    • Demonstrated ability to build collaborative organizations, working effectively in a cross-functional team environment.
    • Possesses initiative, drive, and sound judgment.
    • Excellent project management and team participation skills.
    • Excellent written and verbal communication skills.
    • Ability to meet aggressive timelines and targets.
    • Flexibility and ability to reprioritize as the demands and needs of the business change.
    • Ability to establish standards and procedures and advocate best practices.

    Certifications that are preferred for this position include:

    • CISSP – Certified Information Systems Security Professional
    • CISM – Certified Information Security Manager
    • CISA – Certified Information Systems Auditor
    • CRISC – Certified in Risk and Information Systems Control
    • GIAC – SANS Global Information Assurance Certification
    • CIPP – Certified Information Privacy Professional
    • CIPM – Certified Information Privacy Management
    • CIPT – Certified Information Privacy Technologist


    Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

    The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)
