Risk & Compliance Manager
Posted on Apr 16, 2019 by Airlines Reporting Corporation
Job ID: 2
# of Openings: 1
Category: Finance & Accounting
ARC is searching for a Risk & Compliance Manager to join our team. As a Risk & Compliance Manager, you will work with the Director, Enterprise Risk and Compliance for all aspects of audit-readiness, maintenance and coordination of the PCI and ISO programs at ARC. You will work in a cross-functional team setting, collaborating to ensure business needs are properly translated into comprehensive technical details using a common set of baseline tools and templates.
You will monitor risks and recommend mitigation strategies to business leaders in addition to providing support and guidance to the business and IT staff on risk related issues.
You will be based at our metro-accessible headquarters in Arlington, VA.
If you have a passion for compliance and hands-on experience with all ISO 27001 controls and PCI DSS requirements, then we want to hear from you.
What You'll Get to Do:
- Serve as ISO 27001 and PCI Compliance organizational subject matter expert to maintain certification of ISO and compliance with card brand security standards PCI DSS. Identify and work with respective owners for the mitigation of risk for IT processes which are not compliant with information security and risk and compliance framework requirements.
- Oversee ARC's ISO 27001 and PCI programs (policies, standards, requirements, guidelines and baselines) under the direction of Director, Enterprise Risk & Compliance. Manage all aspects of audit-readiness for re-certification and annual compliance efforts.
- Manage service provider relationships and coordinate activities (e.g., auditors/assessors, consultants), articulating control implementation and impact and describing considerations for applying security and compliance concepts in cloud environments.
- Collaborate with the vendor management team to perform technical assessments and oversight of vendors/suppliers, drawing on domain expertise, and assist with developing third-party assessment and risk metrics for regular reporting.
- Establish transparent and measurable risk management metrics and reporting for ISO and PCI Programs on an ongoing basis.
- Collaborate with Protect and Respond Security Team to validate and test Qualys Compliance automated controls.
- Educate and promote risk & control awareness and accountability. Build relationships and communication channels to ensure ongoing awareness of changes to business risk profiles.
- Manage projects and programs that support the company's goal to be a trusted and secure brand.
You'll Bring These Qualifications:
- Bachelor's degree in Business, Accounting, Finance, Information Systems or a related discipline
- 5+ years of experience with ISO 27001 controls and PCI DSS requirements.
- 5+ years of experience with a variety of technical security controls and platforms (e.g., AWS, Snowflake, Wintel, tokenization & encryption, network security, VPN, POS, firewalls, log monitoring, etc.).
- Possess at least one of the following professional designations: CISA, CISM, CISSP, CRISC, etc.
- Knowledge of and exposure to SSAE16 audits, COBIT, ITIL, ISO 27001 and other frameworks and models for managing risk.
What We Can Offer You:
- Our team is motivated, creative, collaborative and solutions-oriented. We think big, we embrace challenges, and we explore new ideas to lead the way for the travel industry.
- Our employees value the flexibility at ARC that allows them to truly balance their professional lives and personal lives.
- We offer a highly competitive, progressive benefits package and hands-on learning and development opportunities.
- For more than half a century, ARC has been a trusted provider of settlement services, settling more than $86 billion in transactions between airlines and travel agencies each year.
EOE M/F/D/V Females and Minorities Encouraged to Apply