Mgr Security Audit & Compliance

Onfido

Onfido

Legal
Minnesota, USA
Posted on Dec 12, 2024

Career Growth, Flexibility and Collaboration!

Entrust is an innovative leader in identity-centric security solutions, providing an integrated platform of scalable, AI-enabled security offerings. Headquartered in Minnesota, we offer our colleagues the ability to work globally, in a flexible and collaborative environment. Our team makes an impact!!

The Company: Entrust relies on curious, dedicated and innovative individuals whom anticipate the future and provide solutions for a more connected, mobile and secure world. Entrust’s technologies and expertise help government agencies, enterprises and financial institutions in more than 150 countries serve and safeguard citizens, employees and consumers.

We Believe: Securing identities is most effective when we value all identities. We are committed to ensuring that, through diversity and inclusion, the many voices that make up our communities are heard. From unconscious bias training for managers to global affinity groups that create connections both within and across our enterprise, Entrust expects and encourages all individuals to accept and respect one another. And, of course, to be themselves.

Position Overview: We are seeking a talented senior leader to join our Corporate InfoSec department. The Information Security Audit and Compliance Senior Manager will lead and oversee security compliance advisory services to the Entrust organization and ensure that our security posture aligns with regulatory security requirements.

Responsibilities:

  • Provide management and leadership of the ISMS program supporting the implementation, operation and maintenance of the Information Security Management System based on the ISO/IEC 27000 series of standards, including certification against ISO/IEC 27001 where applicable.
  • Oversee datacenter and cloud compliance with applicable security frameworks including NIST 800-53, NIST CSF, PCI-CP, PCI-DSS, SOC2, Webtrust, ETSI and CybersecurityEssentials.
  • Manage and coordinate regulatory and compliance audits of applicable security frameworks and collaborate with internal and external stakeholders to manage those audits.
  • Support information security risk assessments designed to assess the control environment of the business processes, systems and services under review.
  • Support that maintenance and management of a system and control inventory including identification of supporting roles
  • Develop remediation and corrective action plans with related governance and operational functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) plus senior and middle managers throughout the organization as necessary.
  • Lead team meetings and conduct written and/or verbal presentations to departments, management, and steering committee staff.
  • Assists with security RFIs and provides advisory to business, legal and sales teams in understanding security obligations within contracts to limit company-wide security liability and align contract language with company security portfolio.
  • Assists with development, review and revisions of information security policies, standards, procedures and guidelines as applicable.
  • Assists with the development and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations.
  • Update job knowledge by tracking and understanding emerging security practices and standards and frameworks.
  • Review, prioritize and recommend information security improvements as they relate to the achievement of business goals and objectives.

Basic Qualifications

  • Bachelor’s Degree
  • 7+ years of experience
  • Strong Audit and Compliance background as a minimum (preferably has implemented an ISMS)
  • Strong Security Governance, Risk and Compliance experience
  • Experience enabling compliance and facilitating audits in support of ISO 27001, NIST 800-53, NIST CSF, PCI-DSS, PCI-CP, Webtrust, ETSI, SOC2, CybersecurityEssentials+
  • In-depth understanding of IT Security concepts (threats, vulnerabilities, controls, countermeasures, risk management, etc.)
  • Knowledge of information security functions (i.e., security operations, security engineering, security architecture, vulnerability Management, incident response functions)
  • Sound technical understanding of networking and telecoms
  • Excellent working knowledge of common IT Security technologies such as:

    Security Event & Information Management Systems

    Identity and Access Management Systems

    Single Sign-On and Two-factor authentication

    Firewalls, Content Filtering

    Anti-Virus software, Intrusion Detection/Prevention, Vulnerability Assessment software

  • Excellent communication skills and the ability to work in a multi-disciplined environment
  • Excellent problem-solving skills combined with the ability to work on multiple concurrent tasks with demanding deadlines
  • Must be able to lawfully work within the US and have unrestricted work authorization for US

Preferred Qualifications:

  • ISO 27001 lead auditor, or audit experience
  • One or more relevant professional certifications (e.g. CISSP, CISM, CISA, SSCP, CEH, etc)
  • Project Management
  • Exposure to ITIL (v3) and/or experience working in a formal change-controlled environment.

For US roles, or where applicable:

Entrust is an EEO/AA/Disabled/Veterans Employer

For Canadian roles, or where applicable:

Entrust values diversity and inclusion and we are committed to building a diverse workforce with wide perspectives and innovative ideas. We welcome applications from qualified individuals of all backgrounds, and we strive to provide an accessible experience for candidates of all abilities.

If you require an accommodation, contact accessibility@entrust.com.

Recruiter:

Steve DonahueSteve.Donahue@entrust.com