Oversees PCI-DSS program compliance; security policy and standards. Governs Microsoft O365 security and compliance portal; exceptions; and reporting. Ensure information security program compliance through engagement across all IT teams. Collaborates across the IT, Finance, Legal & Risk business segments on various security and compliance activities. Essential Duties and Responsibilities:
• Manage the PCI-DSS program through collaboration with stakeholders; including but not limited to meeting facilitation, reporting, evidence collection/tracking, remediation, and development of responses.
• Define and manage security and data governance policies across O365 locations, identities, and applications. Stay up to speed on organization’s data in O365.
• Analyze security vulnerability scan results; prioritizes vulnerabilities; and collaborates across IT teams to mitigate risks to an acceptable level.
• Assist in the formation and execution of information management framework, policy, and standards for data loss prevention, privacy, data classification, and retention of digital information.
• Implement information security best practices which align with industry standards in support of the IT business segment and information security strategy.
• Collaborate with the Security Operations Center (SOC); assist with creation of repeatable process documentation; Microsoft O365 alert monitoring; and incident response playbooks.
• Ensure adherence to IT security and enterprise governance standards, processes and controls.
• Create end user security awareness related to Microsoft O365 through participation in the delivery of information security best practices and threat remediation; view and investigate threats to users, review security analytics and reports across O365 products, stay up to speed on threat landscape.
• Participate as a member of the Incident Response Team (IRT); focus on security event response, forensic investigations and incident recovery.
• Assist employees, vendors or other customers by answering questions related to security governance policies, processes and procedures.
• Stays current on the latest security and IT industry technologies, trends and strategies.
• Completes work in a timely and accurate manner while providing exceptional customer service.
• Other duties as assigned.
• This position requires a minimum of 5 years information security experience with progressive complexity and responsibility.
• A minimum of 5 years’ experience with information security and data governance required.
• Demonstrated ability to analyze process workflows and identify security gaps and bottlenecks is required.
• Ability to communicate across all levels of the organization, articulate technical ideas to a non-technical audience, both verbally and in writing, is required.
• Microsoft O365 security and compliance portal administration highly desired.
• Proven knowledge of information security tools, including, but not limited to, intrusion prevention, vulnerability scanning, syslog, firewall policies, reverse proxy and authentication highly desired.
• Demonstrated knowledge of PCI-DSS standards is preferred.
• Corporate retail experience is preferred.
• Experience in identifying issues, performing root cause analysis, identifying relevant business risks is preferred.
• Demonstrated critical thinking a plus.
• Demonstrated ability to work efficiently under pressure, accurately meet deadlines, present a professional demeanor and work well independently is essential. In addition, troubleshooting and organizational skills with a can-do attitude and the ability to adjust to changing requirements are essential to success for this position
• This position requires an associate or bachelor’s degree in Computer Science, Business, Criminal Law or related field or equivalent experience.
• Security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), CompTIA Security+, or Systems Security Certified Practitioner (SSCP) highly desired.
• Microsoft security or administrator certifications a plus