Director Security & IT Compliance

The Security & IT Compliance Director will oversee and manage our company SOX, PCI, NSA and FCC compliance framework and obligations with an emphasis on PCI. The candidate will have a mixture of strong security, risk and IT compliance skills with a strong background in payments security. The director will continually define the control objectives and monitor compliance efforts to ensure that the company adheres to cybersecurity controls required holistically to protect our infrastructure as well as our payment environment. The ability to evaluate and design IT and Security controls to ensure integrity of our SOX, PCI and other critical systems is key. The director will review test findings within the Internal/External Audit Team, facilitate the remediation of control gaps, and escalate possible critical issues to senior management in the company. The Director will oversee a team that analyzes data pertaining to information systems functions relative to security framework & IT compliance disciplines, such as Section 404 of the Sarbanes-Oxley (SOX) act, Payment Card Information (PCI), NSA DOJ requirements and oversight of FCC outage notification obligations. The director will design a holistic security and control framework that includes the people, processes and technologies required to maintain compliance. The goal is to maintain effective security and compliance, proactively prepare for future requirements and seek efficiencies where possible.The director will develop and lead IT security compliance programs, ensuring adherence to regulatory and industry standards and oversee audits, risk assessments, and compliance testing to identify gaps and recommend corrective actions.

• Provide leadership, guidance and direction to the Security & IT Compliance team and related stakeholders
• Manage and maintain compliance with frameworks such as PCI DSS, SOX, ISO 27001, NIST, SOC 2 and FCC notification requirements.
• Develop, implement, and monitor security policies, procedures, and controls to ensure data integrity and protection.
• Collaborate with IT and security teams to ensure technical controls align with compliance requirements.
• Conduct employee training and awareness programs on IT security and compliance best practices.
• Stay updated on evolving cybersecurity threats, regulatory changes, and compliance trends.
• Serve as the primary point of contact for regulatory bodies, auditors, and external stakeholders regarding security compliance matters.
• Lead incident response planning, ensuring compliance with breach notification laws and incident reporting requirements.
• Provide strategic guidance to executive leadership on risk management and compliance initiatives.
• Define and maintain the Security & IT Complianceframework for the various IT Compliance disciplines including people, process and technologies needed to maintain compliance
• Governance, Risk and Compliance Tool Process Owner
• Design/specify/implement/monitor internal controls which help to ensure that AUSA is compliant with IT Compliance laws and regulations, internal policies and standards, and other requirements
• Evaluate IT controls and the remediation of control weaknesses, communicate to respective compliance stakeholders
• Investigate, document and report all out of compliance conditions to management
• Supervise the performance of risk assessments, self-audits and establish performance metrics against control-related policies and procedures
• Provide recommendations for meeting compliance requirements and manage any exceptions to closure
• Develop multi-faceted training/awareness programs to teach staff the importance of compliance, and the ways in which compliance is maintained with laws and regulations, internal, internal policies and standards and other requirements
• Develop and promote a culture of compliance in which staff act with clarified requirements, embrace a unified vision of their work, maintain a commitment to quality, and generate superior work results
• Secure a baseline of in-scope technologies and processes and ensure regular review of the baseline
• Maintain an up-to-date and thorough understanding of all requirements which AUSA must comply, including laws and regulations, contractual commitments, internal policies and procedures
• Define the process to ensure that new implementations adhere to the appropriate controls
• Develop and manage the annual compliance work plan where staff and any third parties/vendors generate and document all information needed in a timely manner to maintain compliance
• Provide oversight to compliance activities when interacting with third parties/vendors. Review contractual agreements, ensuring IT compliance adherence is stipulated
• Prepare/perform/approve performance evaluations and development plans; Interview/approve personnel for hire
• Maintain an ongoing relationship with the SOX Audit team to handle any escalations related to the SOX/IT GCC compliance
• Maintain an on-going relationship with business leaders. Ensure teams are in compliance with applicable IT controls
• Organizes education material for the compliance stakeholders
• Manage vendor relationships, ensures the vendors are responsive to company needs
• Negotiate with legal on all contracts, statements of work and maintenance agreements to ensure compliance
• Participate in budget planning and analysis
  

• Bachelor's or Master's degree in Information Security, IT, Cybersecurity, or a related field
• 8+ years of experience in IT security, compliance, or risk management, with at least 3 years in a leadership role
• In-depth knowledge of regulatory frameworks such as PCI DSS, SOX, ISO 27001, NIST, GDPR, CCPA, and SOC 2
• Experience leading audits and risk assessments, and working with external auditors
• Strong understanding of cybersecurity technologies, risk management, and data protection best practices
• Relevant certifications (e.g., CISSP, CISM, CISA, CRISC is required
• Significant experience with PCI controls or having the PCI ISA or QSA certification required
• Strong leadership, communication, and stakeholder management skills
• Ability to work cross-functionally and drive security compliance initiatives across the organization
• Strong analytical and problem-solving skills with a proactive approach to risk mitigation

Management Skills

• Ability to lead across functions and motivate a matrix
• Ability to lead across functions and motivate a matrix staff
• Ability to establish relationships within all levels of the Company
• Understanding of the Company's culture
• Ability to manage changing priorities
• Highly creative and flexible team player with a high level of energy and commitment
• Effective staff recruitment and development experience
• Able to confidentially manage highly sensitive company and personal