The IT Risk & Compliance Manager engages in activities to support USCC’s information security compliance and risk requirements and the Payment Card Industry Data Security Standard (PCI DSS) for credit card transactions, and supports the Chief Privacy Officer in ensuring compliance with Customer Proprietary Network Information (CPNI) standards. Additionally, the Manager ensures that IT security compliance and risk management support Enterprise business objectives.
- Assists and supports the Sr. Manager, IT Risk & Compliance, in driving the implementation and maintenance of a framework that manages IT governance, risk and compliance objectives.
- Provides PCI subject matter expertise for annual PCI Report on Compliance, or other PCI controls and activities that require this expertise.
- Provides CPNI subject matter expertise for CPNI IS and Engineering control quarterly testing.
- Provides SOX 404 subject matter expertise for all testing of IS SOX controls.
- Ensures identified control issues are documented in remediation plans.
- Documents and reports the status of remediation items, their owners and the commitment dates for closure.
- Collaborates with the Chief Privacy Officer in matters relating to information security requirements of third-party contracts; interfaces regularly with internal and external counsel; and facilitates CPNI compliance objectives within the technology organizations.
- Participates in annual SOX audit with external auditor and provides in-depth insight into USCC’s TOPS financial system.
- Leads organizational awareness of compliance, risk, security and privacy concepts and best practices.
- Demonstrates to the IS organization how effective IT risk management practices enable compliance and business process efficiency.
- Reviews new project initiatives and provides input on potential risk, compliance and privacy related requirements.
- Manages IT risk management, compliance and security governance activities.
- Delivers on simultaneous projects and priorities with tight schedules.
- Leverages appropriate resources to meet objectives.
- Translates compliance and technical requirements into relevant and understandable terms.
- Instills trust and credibility with internal and external stakeholders.
- Effectively partners and collaborates with other Associates, as well as with leaders at all levels of the company.
- Displays discretion in all internal and external communication.
- Bachelor’s degree in related technical area or equivalent experience. Master’s degree is a plus.
- Minimum 5 years of relevant technology experience in multiple information security/technology areas required.
- Minimum 3 years of risk management and/or compliance experience in wireless industry highly desirable.
- Holds certifications such as: CISSP, CISA, PCI ISA, CISM, CRISC; CIPP, CIPP/IT a plus.
- Basic knowledge of project management methodologies and tools.
- Experience with SharePoint is preferred. This is the tool that the GRC team uses for tracking relevant document revisions and policy updates.
- Impeccable written and verbal communication skills.
- Experience in leveraging strong interpersonal, influencing and negotiation skills.