Compliance Program Manager
Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com
The Compliance Program Manager – MSS will be part of the MSS Labs team and will provide oversight on all technology initiatives, participate in the change control board to review changes, and be a point person interfacing with external and internal auditors for all compliance reviews. Current compliance requirements include PCI, HIPAA, NERC, and SOC2/3, with the possibility of additional compliance controls being added based on customer needs. The ideal candidate will have strong experience in performing similar duties for internal clients.
- Helping the MSS organization meet its compliance obligations by evaluating its business, technology and operations against security standards and regulations like the PCI DSS, SOC2 & NERC.
- Sharing your expertise with clients and colleagues to aid in making decisions on topics like strategy and scope as well as deep and highly technical projects like web application architecture and security.
- Providing clear, organized findings and recommendations to internal teams and tracking progress towards resolution and compliance.
- Producing detailed, high-quality reports for internal teams and third parties like external auditors and customers.
- Learning from our close-knit group as well as contributing your thoughts, tools, industry news or lessons learned.
- Working with internal teams to implement practices to produce secure applications and identify and eliminate security vulnerabilities.
- Working independently, undertaking information security engagements including work coordination and project management (interaction with internal teams, deliverables, work plans, escalations, etc.).
- Providing regular status reports on all projects assigned.
- Providing regular status reports on all projects assigned
- Being a team player and having the capability to expand/adapt your skills in a fast-paced, ever-changing industry.
Skills and Qualifications
Must have advanced skills/knowledge in some of the following:
- Must have previous professional experience providing consultative services as either an internal SME or as a third-party consultant.
- Strong professional expertise in information security, must have the ability to thoroughly understand complex principles and apply them practically.
- Comfortably present security concepts or findings to both highly technical and entirely non-technical audiences.
- Strongly prefer candidates with payment card (PCI DSS, PA-DSS, P2PE, PFI), financial (GLBA, SOX, SSAE 16) or health care (HIPAA/HITECH) experience.
- Interested in learning more about forensic analysis or incident response; we have great teachers in our world-class SpiderLabs colleagues.
- Must be willing to participate in relevant professional organizations like OWASP, InfraGard, and ISACA.
- Occasional travel to various Trustwave locations is required; opportunities for international travel are available.
- Trustwave will provide time and training for you to take and maintain industry-relevant certifications; we will also provide you success bonuses when you receive said certification.
We prefer college-educated applicants, but at minimum, a high school diploma or equivalent is required for employment.
Trustwave is an Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities.
To All Agencies:
Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave’s policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place, and they must have been assigned the specific requisition to which they submit resumes by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave, and in the event a candidate who is submitted outside of this policy is hired, no fee or payment of any kind will be paid.