|Preferred GIAC Certifications||GISP, GSNA, GSLC, GLEG|
|Salary||120-160K + 10%|
Want to work on a world-class team building life-changing financial products? Let me introduce you to Progrexion – that’s what we do every day.
Based in downtown Salt Lake City, our team builds industry leading services that help consumers access, understand, and verify their credit reports are fair, accurate, and substantiated. Our services power the technology behind Lexington Law (an independently owned law firm), Credit.com, and CreditRepair.com. And the good news? We have a lot of fun while we do it.
Progrexion is looking for a Security Governance, Risk and Compliance Manager to join our Information Technology Security Team. This candidate will be responsible for leading and maintaining internal data governance, privacy, and compliance efforts, identify and assessing business risks as well as leading the annual Payment Card Industry (PCI) and credit bureau Third-Party Assessment audits.
The successful candidate will demonstrate our Corporate Guiding Values of Integrity, Consumer Advocacy, Teamwork, Development, Quality and Performance in all areas of his/her work. This candidate will be a highly skilled individual that manages all consumer privacy, PCI and compliance requirements, reviews contract language for technical considerations, drafts and updates security policies, procedures, and other supporting documentation while maintaining relationship with business stakeholders. This individual will have strong regulatory and compliance experience as well as the ability to lead a team and building relationship with third-party auditors and regulators, as appropriate. Our ideal candidate will not only have a high business acumen, and the ability to convey technical information into business terms and quantifiable risks.
Direct and lead a strategic, comprehensive Security Goverance, Risk, and Compliance program.
Audit and manage obligations from Board, executive management, regulators, auditors, and compliance authorities.
Manage and own major GRC-focused initiatives from beginning to end with minimal supervision.
Assess and track compliance with regulations and legal requirements such as PCI, GLBA, CCPA, and contractual commitments.
Develop and maintain policies and procedures related to the GRC program.
Ensure ongoing analysis of information security threats, vulnerabilities, and market trends. Identify and contain emerging threats before they can have a negative impact on business operations.
Oversee all internal IT, 3rd party audits, and PCI DSS certification efforts.
Drive information security training and awareness programs.
Ensure technology solutions are compliant and adhere to industry best practices and meet security requirements, including Software-as-a Service (SaaS), Infrastructure-as-a-Service (IaaS) contracts, Platform-as-a-Service (PaaS) or internally developed systems.
Actively engage as a member of the IT Leadership Team.
Develop and deliver meaningful security dashboards and reports to a wide audience demonstrating our current program state and adherence to frameworks and standards.
Work as an advisor to the business areas to plan for vendor solutions for managing the information security risk.
Develop and maintain strong relationships with other IT and business stakeholders.
Manage the day to day governance, risk and compliance efforts of the Information Security Team.
Lead the third-party vendor information security risk management efforts.
Other assignments defined by the CISO.
Bachelor’s degree (preferably technical or computer science); Master’s degree preferred.
Minimum 10 years related experience with 2 years in a leadership role.
Strong understanding of today’s threat landscape and information security architectures, as well as applicable laws, regulations, and compliance frameworks (SSAE 16, PCI-DSS, GLBA, CCPA).
Relevant industry certifications such as: CISSP, CISM, CISA, IAPP, GIAC, or other InfoSec or Privacy certifications required. Equivalent experience may also be considered.
Solid understanding of information security practices and controls in areas including but not limited to; Data Protection, Identity and Access Management, Incident Response, Threat and Vulnerability Management, Intrusion Detection Systems, Event Log Management, End-Point Protection, and Data Loss Prevention, etc.
Ability to evaluate risks to the company, articulate issues, develop consensus, raise awareness, and provide and implement solutions.
Strategic thinking and planning; capable of building a roadmap for achieving strategic business goals.
Ability to work collaboratively and effectively with a cross-section of the Information Technology team and the business organizations to implement information-security-related standards and initiatives.
Personal qualities and skills: effective written and oral communications, highly organized and able to meet tight deadlines, teamwork, and an extreme attention to detail.
Experience with Governance, Risk and Compliance (GRC) programs and technology platforms is desirable.
Experience leading security or privacy training courses.
The job description is not designed to cover or contain a comprehensive listing of required duties or responsibilities. Other duties, responsibilities and activities may change or be assigned at any time with or without notice.
Apply for this job online
Refer a friend to this job
Share on your newsfeed
Connect With Us!