Cybersecurity Compliance Staff (Lead)

CORRECTIVE ACTION MANAGEMENT (60%)

• Drive remediation of cybersecurity, internal audit, and IT General Controls control gaps, deficiencies, and program improvement opportunities.    

• Assist project team, key stakeholders, and management to prioritize security and compliance requirements, and develop and maintain detailed project plans using standard tools. 

• Partner with audit as needed to manage audit requests, assist with escalations, and help streamline audits overall. 

• Publish and maintain a comprehensive audit calendar, assessment plan, and issue tracker. 

• Lead and organize meetings, information security assessments, analysis, mitigation, and remediation.  

• Advise in implementing solutions and mitigation plans for control deficiencies, regulatory and compliance gaps, and make recommendations for process efficiencies. 

• Drive process improvements and control implementation across business functions, including resolution of assessment findings and independent initiatives. 

• Effectively assist in leading by influence and work in a matrix/cross functional (BU Champions). 

• Build issue trackers, create status reporting for SLT, as well as build and maintain KRIs, and KPIs. 

• Partner with peer information security teams to provide consolidated reporting, and drive remediation of all open security and technical findings across WBD. 

• Execute as needed on Security & Compliance programs owned by our organization including but not limited to Audit Management & Issue Remediation, PCI, Privacy Data Security, Swift, SOX, NIST CSF, ISO 27002, MPA, SEC cyber-regulations, etc. 

• Lead targeted compliance assessments, audits, and reviews, communicating results and recommendations in clear and concise written reports; and collaborate with management to ensure corrective actions are implemented effectively. 

• Investigate compliance issues and assist with investigation reports. 

• Validate system requirements, flows, and written procedures through testing and observations, and ensure regulatory compliance operating procedures and controls are working as intended. 

• Help provide training and training materials for new processes. 

• Assist with developing and defining new and improved workflow and initiatives. 

• Perform analysis based on testing results through observations and reports to identify system and process gaps, reducing risk for WBD. 

• Document all work, and findings resulting from testing and communicate to relevant stakeholders within defined standard processes. 

• Conduct related ongoing security compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions. 

PLANNING (20%)

• Make updates to the Unified Controls Framework (UCF) as agreed with other team members and relevant governance bodies. 

• Assist in the implementation of the Company GRC system, policies, standards, and processes.  

• Participate in cross-functional teams to provide various security compliance and regulatory compliance subject matter expertise, ensuring that activities continue to support systematic processes in place and drive positive compliant behaviors or that proposed new system changes fully meet Regulatory, Security and Legal requirements. 

• Assist in creation of comprehensive and meaningful strategy presentations for senior executives. 

• Document roadmaps for key initiatives and programs. 

• Ability to contribute to building a framework and drive development through dynamic business intelligence tools and dashboards for use in ongoing business planning and goal measurement through KPIs. 

ANALYTICS & REPORTING (20%)

• Monitor the effectiveness of the compliance assessment process in accordance with agreed metrics and performance measures to drive continuous improvements. 

• Develop comprehensive performance analysis of business processes and review ways of improvement. 

• Develop and report upon agreed Key Performance Indicator metrics. 

• Develop comprehensive performance analysis of business processes and review ways of improvement. 

• Actively participate in stakeholder meetings with the goal of understanding all major projects and initiatives planned.