IT Security & Compliance Specialist

Company Name:
The Talent Acquisition Group, Inc.
Our client, a global market research firm, is seeking an IT Security & Compliance Specialist in the Princeton, NJ or New York City area.
The IT Security & Compliance Specialist will lead the security objectives within the IT team while working directly with the Senior Vice President of Global IT to enhance existing policies, standards and procedures and expand the scope of compliance.
The primary objective will be to extend the existing ISO 27001 scope to cover all 8 countries and 20 offices that the client operates in, and ensure that technical security audits are passed with flying colors. The company is going through a rapid growth stage and the scope of the role is likely to expand considerably.
This role will work closely with the regional Quality teams who are responsible for the business practices and project management procedures. The Specialist will also work extensively with the IT Infrastructure and Support teams, and a high degree of IT experience will be vital.
This position is aimed at candidates with some experience who are ambitious and are willing to develop rapidly in a dynamic and dedicated team. This position will be mentored by the SVP of Global IT and work closely with local & overseas colleagues in a tight-knit global team.
The preferred location is Princeton, NJ as the majority of the IT team is based there, although New York is a possibility with regular travel to Princeton.
Lead Program Management of compliance programs, particularly ISO 27001.
Lead and perform the internal audit role, remediation of deficiencies and proposal of design enhancements.
Ensure project documentation is complete, current, and stored appropriately.
Coordinate and conduct regular enterprise risk assessments based on the Information Security Policies, supporting Standards and Procedures, compliance requirements, adherence to Information Security best practices and standard business risk mitigation.
Document findings in Risk Analysis Report and manage Risk Action Plans.
Work with InfoSec team members, business units and IT counterparts to document risk treatment plans.
Develop, manage and maintain enterprise data flows, (entity level, by business unit, and by compliance regulated data type).
Update data flows quarterly through the risk analysis process.
Participate in security event investigations producing incident response documentation and ensure that corrective actions are implemented.
Assist with the development, implementation, training and auditing of the Information Security Program and governing Policy, Standards and Procedures.
Assist the Information Security Awareness Program by communicating and championing policy, standards and procedures enterprise wide, including the creation of training materials.
Lead auditing of adherence to the Policies, Standards and Procedures enterprise wide.
Assist auditors, consultants, customers and other third parties with information security questionnaires, reviews, investigations, etc.
Communicate audit and review results to appropriate parties; ensure that issues are addressed and corrective actions are implemented.
Report to management the effectiveness of data security as implemented by internal and external business partners and make recommendations for the adoption of new procedures or controls.
Participate in proactive research and provide recommendations for continuous improvement.
Foster good working relationships with business unit managers, IT and engineering counterparts to ensure the organization meets its objectives in a risk controlled manner.
Perform other tasks as directed by the SVP, Global IT.
Bachelor's Degree is required
A minimum of two years of professional experience related to IT security & compliance.
A minimum of four years in a senior technical role such as system administrator or system engineer.
CISA, CISM and/or CISSP preferable.
Experience designing compliance programs and internal auditing.
Knowledge of SOX, PCI, data breach notification laws and European Union laws is required.
Understanding of network architectures and design; administrative, technical and physical security controls; Windows Active Directory; Windows and Linux server and desktop operating systems; database and application architecture, etc., is required.
Highly proficient with Microsoft Office suite and Visio is required.
Experience in working across multiple organizational teams / business units conducting risk assessments and threat modeling.
Must have an understanding of business, accounting, finance and legal.
Ability to think through complex problems, determine proper analytical processes and procedures, independently derive conclusions and present results to management.
Proven track record of working collaboratively on compliance and security initiatives.
Outstanding written and oral communication skills are required.
Excellent technical writing skills are required.
Must be able to summarize and communicate technical data to a non-technical audience.
Must be highly motivated with a strong work ethic and able to work effectively under minimal supervision.
Must be team-oriented, placing priority on the successful completion of team goals.