This position will report to the SR Information Security Manager (Governance, Risk, and Compliance) to lead and support compliance program initiatives focusing on ensuring ongoing compliance.

RESPONSIBILITIES:

1. Lead internal, vendor-managed, and cloud-hosted application access reviews to ensure access appropriateness.

2. Develop, maintain, and improve access review methodology.

3. Work with business units, control owners, and IT support staff to remediate access where deficiencies are identified.

4. Ensure compliance with the applicable Board policies and Standard Operating Procedures per periodic access reviews.

5. Recommend new security compliance metrics and automate reporting of existing metrics.

MINIMUM REQUIREMENTS:

• Bachelor's degree in computer science, Information Technology, or a related field, or equivalent work experience.
• A minimum of three (3) years of experience in information security compliance or information security-related fields.

SKILLS:

• Proficiency in Security Compliance and Regulatory Concepts, exemplified by a comprehensive understanding of relevant laws, regulations, and industry standards.
• Detail-oriented approach, especially in addressing audit findings, and implementing compensating control where appropriate.
• Proficient in conducting user access reviews and implementing and delivering effective mitigation strategies to ensure the safety and security of systems and operations.
• Familiarity with regulatory frameworks such as GDPR, HIPAA, PCI DSS, or ISO 27001.
• Extensive knowledge of best practices and industry standards such as NIST SP 800-53, and the Center for Information Security (CIS) Benchmarks.