
Senior Professional Security Compliance

6.00 to 8.00 Years   Kolkata   03 Nov, 2020
Job Location: Kolkata
Education: Not Mentioned
Salary: Not Disclosed
Industry: IT - Software
Functional Area: Finance / Accounts / Tax, General / Other Software
Employment Type: Full-time

Job Description

Requisition Title: Governance and Risk Compliance Officer

Applies advanced information security knowledge to customer business issues and is regarded as a subject matter expert. Integrates technical knowledge and business understanding to provide a solution to customers' information security governance needs. Capable of applying a risk-based approach to all activities, understanding operational risks and converting them into information security risk identification, assessment and treatment.

As Account Security Officer (ASO), he/she is accountable for all IT security-related compliance and delivery for the customers assigned. In a typical engagement, he/she operates as a trusted adviser in the organization, working with senior management and focusing specifically on the security environment in relation to client business objectives. The ASO helps understand operational issues and plans next steps from an information security viewpoint.

This requires the ability to interact and influence at a managerial level within client organizations, such as Information Governance and IT Security leads. He/she will be able to demonstrate industry expertise and understanding of security governance and compliance.

Key Responsibilities

  • Responsible for the security and audit compliance-related business process improvements for the India Center
  • S/he is responsible for the continuous improvement of information security processes such as risk assessment, policy implementation, security and business continuity planning, security training, security incident management, security infrastructure management and security operations, audit and compliance management processes regarding statutory, regulatory and contractual requirements.
  • This will include coordinating with all support functions such as HR, IT, Legal, Facilities, physical security etc. and execution of the internal audit/assessment plans.
  • Will be representing the Information Security & Compliance function at key control meetings / Service Line meetings.
  • Project Management: Participate in, propose, and/or lead customer and internal projects across technology customers and/or internal businesses/end-user areas, including transformation.
  • Teamwork: Work as part of a team, which may be virtual, global, and/or multi-functional. Lead teams which address operational processes and policies in work area. Seen as a resource to the team in one or more technical or business areas.
  • Becoming a trusted advisor inside and outside the team/technology area. Typically advises or sets direction for: Group(s) of customers with similar needs / Region
  • Compliance and operational focused
  • Lead Security operational governance activities
  • Dedicated or Shared (Industry)
  • Seek to identify additional DXC/Enterprise Security Services Governance and Client Compliance (GCC) revenue for the HP account.
  • Ensuring delivery excellence in Information Risk Management operations (Ensuring avoidance of non-performance / non-compliance contractual penalties).
  • Relationship management with DXC ESS suppliers to client.
  • Maintain an account security plan for the selected account(s)
  • Manage and report security incidents
  • Ensure Audit preparation, facilitation and remediation
  • Manage Security Risk and Exception to standards management
  • Ensure knowledge and implementation of security fundamentals, policies and standards (regulatory and contractual)
  • Escalate and resolve Security Issues
  • Coordinate delivery of Security Metrics and Reporting in support of contractual commitment
Typical skills include:
  • Experience in a governance role
  • Experience working with ISO 27001, ISO 20000, ISO 31000, HIPAA, PCI-DSS, SOX & the Privacy Act standards and regulations for organizations of 500+ people.
  • Experience performing threat and risk assessments on environments and new technology types
  • Ability to assess and audit operational, management, and technical security controls against a standard and to assess risk
  • Experience managing incidents, and developing incident response.
  • Experience supporting 3rd-party audit activities
  • Experience in successfully handling client visits & deal security.
  • Experience in information security policy and procedure design, development, management, and compliance assessment reports
  • Should be capable of conducting independent assessments for the Deliveries on ISO 27001 and ISO 20000 standards.
  • Promote the awareness and understanding of good operational InfoSec risk practices.
  • Experience with managing classified data spill incidents.
  • Experience in conducting information security awareness training programs (DXC and third parties)
  • Excellent and effective communication skills at all levels of management (customer and within DXC)
  • Ability and willingness to travel when required (On need basis)
  • Exposure to international clients and pricing knowledge will be an advantage
Qualifications:
  • Bachelor's degree in Computer Science, Engineering, or equivalent.
  • Hold technology certification(s) in work field (Compliance & Audit)
  • Typically 8 years of experience with at least 6 years in the field of Information Security
  • Certifications (must have): CISA or CISM, ITIL V3, ISO 27001 LA
  • Certifications (desirable): CISSP, ISO 20000 LA, CEH, Sec+
  • Knowledge and experience on ISO 31000.
  • Knowledge of PCI-DSS, HIPAA

Key skills:
information security governance, accruals, iso 31000, balance, accountancy, business continuity planning, information security awareness, it security, effective communication skills, iso 27001, iso 20000, pci dss, quality, sap
