Information Security Risk and Compliance Manager at Avant
What you do at Avant:
- Advocate for company Information Security related issues via routine risk assessments.
- Lead and manage audits and reviews to ensure compliance with regulatory standards.
- Manage the PCI compliance program: maintain adherence to the PCI DSS, track upcoming changes, and track remediation of compliance gaps. Adhere to the cadence of quarterly reviews and yearly audits.
- Manage third-party information security compliance and security assessments, and coordinate with the appropriate regulatory entities and authorities.
- Engage with critical third parties and validate adequate controls are in place on a routine basis.
- Be fluent in and represent Avant’s Information Security program to third parties.
- Respond to questionnaires regarding the Avant Information Security Program.
- Foster strong relationships with internal business units and excel in risk management, technical controls and cybersecurity communication.
- Serve as a point of contact and liaison with external examiners for assessments throughout the year and at end-of-year evaluations.
- Collaborate with teams and employees to ensure compliance with audit standards and close audit findings.
- Monitor changes to the regulatory frameworks and landscape and recommend policy changes to the Executive team that will help the business be proactive in maintaining compliance.
- Travel as needed to office locations and third-party on-site engagements when safety circumstances dictate.
- Perform other duties as assigned.
Why you are a fit for Avant:
- Bachelor’s degree in information systems or related field or equivalent experience.
- People management experience or interest.
- Ability to influence and achieve results via accountability, negotiation, and creative problem solving.
- Exceptional written and verbal communication skills.
- Strong facilitation skills with a proven track record of proactively obtaining consensus across working teams toward a common goal.
- Experience working with external partners and handling outside facing relationships.
- Experience working with government and regulatory entities is a must.
- Experience interpreting, revising, and planning around policies is a must.
- 5 years' experience managing projects or programs.
- Experience in cloud environments is a plus.
- Experience in information security compliance is a plus.
- Experience configuring and implementing GRC systems around processes is a plus.
- Fluency in FAIR methodologies is a plus.