Remote Security Risk and Compliance Management Specialist IV


Rackspace Technology

📍Remote - Mexico

Job highlights

Summary

Join Rackspace Technology as a Compliance Audit and Risk Management Expert who is well versed in multiple security compliance frameworks, third-party (vendor) risk management, and process improvements. Strong experience in PCI v4, SOC 1, 2, & 3, HITRUST v11, and ISO 27001 preferred.

Requirements

  • 5+ years of experience
  • Experience in leadership in information security policy, standards, compliance, technology and programs a plus
  • Must have at least one of the following active certifications: CISA, CISM, CISSP or CFE
  • Other related certifications such as ITIL, PMP, SANS/GSEC, CIPP, CRISC, CGEIT, CPA/CA are preferred, but not required

Responsibilities

  • Acts as an advocate in development of overall information security program globally
  • Creates and performs global IT Risk and Compliance assessments
  • Performs gap assessments, coordinates remediation planning/execution, and works with auditors and system owners to ensure all audit requirements and controls are properly addressed and in place for various compliance frameworks
  • Assists in development and execution of information security, compliance, and risk best practices globally through audits, assessments, and policy-making
  • Leads cross-functional team members in strategy development and implementation of risk framework and compliance solutions
  • Independently performs complex and often unique work assignments and problem resolution
  • Serves as the subject matter expert to ensure documents, projects, process, and product initiatives comply with regulatory and legal requirements and enterprise policy
  • Develops training and communication of Information Security, IT Risk, and compliance
  • Maintains expert knowledge of the competitive/regulatory landscape and company's key challenges
  • Coordinates and responds to regulatory requirements and requests, and ensures the execution of examinations
  • Conducts IT Risk and Information Security due diligence activities relative to vendors and third parties (TPRM)
  • Develops and recommends compliance solutions impacting the enterprise
  • Develops Risk Assessment process, charters, policies, methodologies, and reports
  • Leads cross-functional workgroups, communication strategies, and planning meetings to develop solutions that meet the objectives of both the business and the IT Risk, Compliance, and Information Security team
  • Oversees implementation of operational and non-operational risk management programs by providing guidance and assistance to business units with the identification, evaluation, understanding, management, and communication of risk
  • Provides data and analytics in support of the risk officer and risk committees
  • Directs analysis and root cause identification
  • Conducts risk assessments and documents findings where the deviation from an information security or IT Risk policy or standard is desired
  • Ensures risk remediation plans meet key business objectives and partners with the business owners to follow through with corrective action steps
  • Develops data and analytics suited to communicating risk at the executive level
  • Provides subject matter expertise on areas of security, privacy and regulatory compliance to Sales, Marketing, Product Development, Legal and Policy teams
  • Conducts detailed analysis of risk rating, risk appetite, and provides data driven summaries to business leaders
  • Documents and provides detailed analysis of findings where deviations exist through internal or external testing
  • Assists policy personnel in technical conversations with policy makers, industry bodies and other third parties to advance Rackspace’s message
  • Provides feedback to product management in the development of trust-related features, and supports regional security and compliance accreditation projects
  • Develops internal control testing and documented processes
  • Updates internal control matrices where necessary to support annual changing environments
  • Adapts and creates processes as applicable, including changes in processes or reporting metrics
  • Executes as the conduit between internal control owners and external auditors, including kickoff meetings, interview requests, closing meetings, and evidence gathering
  • Executes internal customer audits which include scheduling, presentation of the Rackspace compliance portfolio, and overseeing the successful visit in conjunction with Account Managers
  • Responsible for adhering to company security policies and procedures as directed

Benefits

  • Fluent, bilingual (Spanish and English); interviews will be held in English
  • Role can work remotely in the states of Ciudad de Mexico, Jalisco, Nuevo Leon, Aguascalientes, Queretaro, Estado de Mexico and Puebla
  • This opportunity is a permanent remote job, but you need to be based in Mexico at one of the above locations
This job is filled or no longer available