Job Summary:
The Manager of Information Security will work collaboratively across the BCD Travel organization to plan, direct and coordinate security compliance initiatives to ensure compliance with regulatory, legal and contractual obligations.
The Manager will align the security policy and standards with business needs and will clearly communicate those needs as requirements actionable by the BCD Travel organization.
The Compliance Manager will also identify and report on compliance and the effectiveness of the security controls, and will support security posture improvement efforts at BCD Travel.
Essential Duties and Responsibilities:
Foster a security-positive culture:
Promote and exhibit collaboration and positive teamwork.
Use a teaching/education approach to help users understand their risks and better protect information and systems.
Analyze, report and integrate security into daily business operations.
Build relationships and create value:
Provide high quality customer service by listening and understanding the needs of the users.
Evaluate and implement methods to continually improve security and assist business with reducing risks.
Leverage industry-leading knowledge to analyze and assess gaps and provide recommendations for remediation.
Demonstrate and employ consultative expertise to share opportunities to enhance security through improving business operations.
Comply with business requirements:
Study and understand the core functions and services that are provided by the business.
Be familiar with the security requirements and controls needed to maintain the business operations.
Translate business requirements into actionable security tasks.
Assess gaps and develop remediation plans.
Integrate and implement security requirements into business requirements.
Continually evaluate effectiveness to achieve business objectives.
Validate the implementation of security policies, practices and systems' ability to maintain compliance with business requirements.
Demonstrate extensive mastery of security controls to meet legal, regulatory and contractual requirements.
Utilize a risk-based approach:
Stay current with industry trends and emerging technologies relating to Information Security.
Identify and communicate threats and vulnerabilities that could impact business operations.
Assess, document and communicate risks in context with business operations.
Develop and communicate remediation plans capable of reducing risk to the organization.
Assist business owners with prioritizing risks and consulting users on adequate compensating controls to reduce
Protect information:
Review and understand the security policies, procedures and standards.
Assist with communication, implementation and analysis of compliance with security policies, standards and procedures.
Assess and communicate security control strengths and opportunities with relevant stakeholders.
Identify, classify and respond to threats using industry-leading practices and in accordance with data classification.
Develop, implement and report metrics to monitor use of information management investments and secure operations.
Implement and execute the enterprise security governance framework.
Report security performance:
Collect, calculate and format data for metrics reporting.
Analyze metrics and report trends and opportunities for improvement.
Develop, monitor and report security control effectiveness.
Develop measurable goals and objectives.
Communicate the status of initiatives and their capabilities to meet business needs.
Understand the organization’s core competencies and the value delivered to business processes.
Drive operational efficiency through effective management of security staff and other supporting resources (people, financial and services).
Develop functional strategic direction to meet business requirements and security goals.
Direct, analyze and respond to resource constraints impacting program timelines and deliverables.
Utilize skills in consulting, auditing and business process analysis to identify and communicate gaps in meeting security objectives.
Perform other information security projects/duties as needed.
Team Management & Leadership:
Manage human resources including hiring, coaching, scheduling, terminating, training, motivating, recognizing achievements and evaluating performance.
Perform or direct personnel recruiting, hiring, training, and separation. Exercise hiring and firing authority in coordination with HR.
Evaluate and manage employee performance and conduct periodic appraisals.
Create development plans that promote employee growth, development and success.
Education / Knowledge / Experience:
Proven experience as a compliance manager with a minimum of 5 years of information security compliance and risk management.
Direct staff management (3 years).
Broad range of exposure to all aspects of IT security audit planning, audit methodologies, risk management methodologies and contract review.
Expert-level knowledge of various industry standards and best practices such as PCI, ISO/IEC 27001, and SOC I & II certifications.
Proven track record in managing and implementing information security governance, risk and compliance programs using industry-leading solutions such as RSA Archer.
Excellent business communication skills.
Ability to work autonomously or as part of a team, within targets and deadlines.
Proven experience working in a global organization with diverse cultural considerations and time zones.
Degree/Master's degree in information security, information technology or a related discipline.
Security industry relevant certifications such as CISA, ISA, CISM, CISSP, CRISC, HISP, etc.