Named one of America's 500 fastest-growing companies, A MNC is a fintech company headquartered in Silicon Valley, with global marquee customers, a dominant presence in the US, and an expanding international presence.
The company enables credit and debit card issuers to offer instantly-issued credit and debit cards and convenient controls and transparency for physical and virtual cards. Ondot is a white-label solution that can be provided as a branded solution by financial institutions to their customers. From a smartphone app, consumers can quickly and virtually obtain a credit or debit card through their financial institution and set preferences for when, where, and how their payment cards will be used. Our products allow card customers to get real-time alerts, contextual advice and offers, as well as perform many self-service actions.
We provide over 4,500 banks and credit unions with digital card services and solutions that transform how consumers interact with their financial products and institutions.
The Compliance Manager is accountable for the development and implementation of the compliance and audit program. The compliance manager will be the central point of contact for setting the day-to-day direction of the compliance and Audit program and its overall goals, objectives, responsibilities, and priorities.
What you will do:
Create a strategy for a companywide PCI DSS compliance program and provide end-to-end control oversight, assurance of compliance with the requirements of the Data Security Standard, risk analysis, and issue management and analysis.
Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program.
Oversee the company’s Cybersecurity program, including the employees, contractors, and vendors who safeguard the company’s information systems and data, as well as the physical security precautions for employees and visitors.
Work with technology teams on control walkthroughs, gather control design requirements, and bring control issues to closure.
Communicate issues and evaluate findings and best practices with the rest of the team.
Perform QC reviews of control testing working papers.
Work actively with the Security Leads/CISO on IT-related issues.
Support internal education and best practices sharing with peers and colleagues, as well as information security education & awareness, as needed.
Identify protection goals, objectives, and metrics consistent with the corporate strategic plan.
Ensure appropriate procedures are in place for Security Testing & Evaluation (ST&E) for all information systems and monitor, evaluate, and report to company management on the status of cybersecurity within the company.
Monitor and evaluate the status of the company’s Cybersecurity posture by performing annual compliance reviews of the PCI DSS Cybersecurity Policy and system controls (including studies of security plans, risk assessments, security testing processes, and others).
Provide feedback to company management on the status of the Cybersecurity program, and suggest improvements or areas of concern in the application or any other security-related activity.
Lead/conduct all periodic planned and surprise audits for Cloud and Corporate.
Help with security questionnaires for all clients.
Provide security-related guidance and technical assistance to all operating units. Promote best practices in Cybersecurity management.
Assist in compliance reviews and other reporting requirements.
Keep all documents, reports, and audit records up to date.
What you should have:
Must be an intelligent, articulate, and persuasive leader who can serve as a productive member of the senior management team and who can communicate security-related concepts to a broad range of technical and non-technical staff.
Experience with PCI DSS compliance requirements and control testing.
Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
Knowledge of common information security management frameworks, such as ISO/IEC 27001, SOC 2, ITIL, and COBIT, as well as those from NIST, including SP 800-53 and the Cybersecurity Framework.
Experience with handling third-party security assessments.
ISO 27001, KPMG, and SOC audits.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences at various hierarchical levels, ranging from board members to professional specialists.