IT Risk Lead
What you’ll be doing: As the IT Risk Lead you will work in conjunction with legal, compliance, operations, analytics, and other technology groups to manage our PCI and Business Continuity programs, facilitate risk management of internal and enterprise architecture projects, and manage external partner and vendor relationships.
Your responsibility will be to assist in managing our control framework and educating our associates on appropriate security measures. Through your leadership ability you will improve controls, policies and processes. You will have strong decision-making capabilities with the ability to weigh relative costs and benefits of potential actions and identify the most appropriate one for Enova.
Your core priorities will be to:
- Proactively monitor and adjust for risk around newly developed products, prevent data breaches and data hacking, and focus on threat detection
- Manage compliance for audits and work with external partners for PCI audits, SOX audits, and UK privacy audits
- Manage expectations and relationships with partners and ensue there are no roadblocks, correct information is provided for audits, and timelines are met
- Work in conjunction with internal teams to collect evidence for audits and while evaluating vendor infrastructure for associated risk
- Collaborate with internal teams and be able to communicate findings with nontechnical audiences
What you should have:
- Experience with networking and security (TCP/IP, Routers, VLANS, Firewalls, WAF, IDS, DLP, SDLC) and can understand and follow a packet
- Strong technical understanding of application and cloud security controls (OWASP 10 and AWS)
- Experience hands on and managing a PCI-DSS (as a Level 1) program, annual audit and remediate any issues
- Experience with results of vulnerability scanning tools (Qualys), interpret the results and remediate findings
- A strong understanding of controls (NIST, ISO, PCI, SOX), how to apply them and assess them to create a mitigation plan and ensure implementation is successful
It would be ideal to have:
- Experience with SQL scripts, RegEx, and shell scripts
- Have knowledge of Pivotal Tracker, SpringCM, AWS, Tenable, TripWire, McAfee, F5, Cisco, Palo Alto, Splunk and Metasploit
- Have one or more relevant security certifications; CISSP, CISA, CISM, GIAC-GISP, GIAC-GCFA, CEH, PCI-ISA, etc.
Enova is a leading provider of online financial services that leverages its advanced technology and analytics to provide access to credit for non-prime consumers and small businesses. Our roots are in Chicago, but we have served nearly 5 million customers through our six businesses in the U.S. and abroad. We pride ourselves on hiring smart and driven people who bring new and innovative ideas to the table. Our philosophy is, "Life’s short. Work some place awesome."
Many of us consider our people to be Enova’s best perk. But to sweeten the deal, we also have a pretty awesome list of conventional (and less conventional) perks and benefits including competitive salaries, health care benefits, a 401K matching plan, a revamped parental leave program (and brand new nursing rooms for our returning mothers!) summer hours, tuition reimbursement and a sabbatical program. And of course we also have the things you’d expect at a leading tech company in Chicago, such as the snacks, game room, onsite massages/barbers/nail technicians, monthly social events, and sporting sponsorships.
Our goal at Enova is to recruit, hire, develop and maintain a diverse workforce. It is our policy to provide equal employment opportunity for all persons and not discriminate in employment decisions by placing the most qualified person in each job, without regard to any other classification protected by federal, state, or local law.