IT Security Compliance Team Lead

at Darden

Posted: 9/20/2019
Job Reference #: 454782

Job Description

The IT Security Compliance Team Lead oversees a team to maintain Darden’s high standard of security compliance in a rapidly changing, fast-paced environment. This hands-on role works closely with business units and leadership to develop a risk/security/compliance framework, designing, planning, implementing, testing and auditing compliance requirements to ensure consistent adherence to the company’s regulating entities (SOX, PCI, 3rd Party Risk). This role works cross-functionally at all levels of the enterprise to ensure the security compliance strategy is being implemented effectively and in a timely manner.

– Implements and leads security and compliance projects and initiatives based on strategy and scope set by the Director of Information Security, including facilitating the rollout and on-going training and awareness of security policies and standards
– Manages and leads the Security Compliance team, including coaching, developing and performance management of team
– Leads the successful completion of 3rd-party audits based on PCI-DSS; acts as subject matter expert regarding PCI compliance requirements and works with all relevant teams to coordinate compliance process, documents, evidence and approvals
– Manages relationships with external and internal auditor entities; maintaining awareness of security posture of key vendors, conducting vendor security risk assessments and tracking and reporting on KPIs and metrics
– Collaborates with Legal Services to review customer and vendor contracts to ensure that information security requirements are met
– Creates and communicates risk reporting tailored to the relevant audience including educating about the most significant risks to the business units, ensuring appropriate individuals understand the risks that might affect their departments and company
– Reviews Report on Compliance/Assessment and provides actionable steps on remediation, while advising relevant controls and best practices in line with industry compliance trends
– Researches and recommends controls and configurations aligned with security policies and legal, regulatory and audit requirements
– Establishes, maintains and reviews enterprise architecture models to enable applications development and decision-supporting activities, consistent with IT plans
– Collaborates with the broader architecture community to provide input into IT strategies and standards; translates the security risk requirements and constraints of the business into technical control requirements and specifications, and develops metrics for ongoing performance measurement and reporting
– Maintains current knowledge and understanding of PCI-DSS, Sarbanes-Oxley, GDPR, CCPA, HIPAA and associated data privacy laws to ensure compliance in operations and products

– 5+ years' experience working within IT, IT Audit, information security risk, governance, compliance or similar department
– Experience leading people and developing and delivering project plans and enterprise initiatives
– Security certification such as CISSP, CISM, CISA or PCI QSA
– Strong understanding of NIST CSF, COBIT5, and PCI
– Knowledgeable on Encryption, NextGen Firewalls, IPS, SIEM, Identity and Access Management
– Strong understanding of how to secure and maintain compliance with cloud offerings such as Office365, Amazon Web Services (AWS) and Azure, etc.
– This is a leadership role that requires an individual with a strong technical background, as well as an ability to manage relationships and build strong rapport with key internal stakeholders
– Demonstrated ability to communicate clearly and succinctly with business units in regard to Darden’s information security posture
– Excellent oral, written, and interpersonal communication skills

– Bachelor's degree in Computer Science, Information Technology, or a relevant field
– Equivalent education, training, or experience may be considered

– Ability to develop, draft, and communicate policies and procedures related to information security
– Ability to develop and facilitate training related to information security
– Ability to establish and maintain strong working relationships with business partners across the enterprise
– Excellent relationship-building skills and cultural awareness, along with the ability to work effectively in a matrixed environment
– Ability to maintain industry relationships and look to all sources available to develop the best technology strategies
– Capable of delivering results through a position of influence
– Outstanding organizational skills and ability to prioritize
– Ability to multi-task in a fast-paced environment

– SANS and other technical certification strongly preferred

Job Location
Orlando, FL

Search Firm
This position is not open to Search Firms
