Sr Mgr of Information Security

Company: TMX Finance
Location: Carrollton
Posted on: February 18, 2021

Job Description:

Requisition ID 2021-9068Category: IT/ISLocation: US-TX-CarrolltonOverviewSenior Manager of Information SecurityCarrollton, TXThe TMX Finance - Family of Companies is looking for a Senior Manager of Information Security to join our team and oversee our Information Security Compliance program. As a Senior Manager of Information Security, you will help mature our Information Security Compliance Program and supporting activities related to development and maintenance of policies, standards, procedures, and controls. You will collaborate with the broader security team and other departments within TMX to advance program maturity, assess security risks, and communicate/facilitate remediation of those risks. The health and well-being of our Team Members, their families, and our customers remains a top priority for us. That's why we've taken a number of steps to help maintain a clean and safe environment where Team Members can thrive, and customers can feel safe. Currently, in our stores and Corporate offices, we're practicing social distancing, wearing face coverings (subject to certain exemptions), cleaning frequently, and following state and local requirements as well as Center for Disease Control (CDC) guidelines to help ensure a clean and safe environment for all. As the situation evolves, changes may be made to our practices, in line with state and local mandates as well as CDC-guidelines. ResponsibilitiesOversee all Governance, Risk and Compliance for the IT department.Aid in the further development and maturation of the IT Security Risk Management Program and overall tools.Develop and maintain a Risk Controls Matrix (RCM) that aligns with applicable regulatory and compliance requirement frameworksDetermine, develop, maintain, and publish corporate-level information security policies, standards, procedures, and guidelines, including incident response and compliance reporting procedures for general IT controls and SOX.The identification, testing, maintenance, compliance reporting and management assertion of general IT controls.Leads the effort to implement new versions of PCI-DSS requirements, including the reviewing of the technology lifecycle and end of life impacts (platforms, software, database) on PCI applications and Cardholder Data Environment.Coordinates the work of the Qualified Security Assessor (QSA), as requiredEnsures the effective maintenance of the program to monitor service providers PCI-DSS compliance status.Manages PCI compliance risks and issues logResponds to alleged violations of PCI compliance policies, procedures, and standards by evaluating or recommending the initiation of investigative proceduresProviding organizational guidance, leadership and promoting general awareness and training of security policies and program.Promoting adherence to NIST and other generally accepted IT security and control practices throughout the IT landscape.Supervise all investigations relating to security threats, legal discovery, and violation of security policies and provide on-going communication with senior management.Engage in penetration studies, threat analysis, vulnerability assessments, and security audit activities to ensure IT controls and security are effective.Maintain close working relationships with Internal/External Auditors on Interim, Annual, Intellectual Property, SOX & regulatory engagements.Assist peer managers in understanding security and control deficiencies and responding to internal and external audit reports.Verify relevant third-party attestations to validate the necessary safeguards are in place to protect our information assets under their care Ensure that any remedial actions required by external parties are addressed, Conduct security reviews of potential third-party providers / acquisition targetsPerform periodic information privacy risk assessments and conduct related ongoing compliance monitoring activities in coordination with the entity's other compliance and operational assessment functions.QualificationsBachelor's degree in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline is required. Four (4) years of experience in IA/Information Security will be an acceptable substitute for a bachelor's degreeMinimum 5+ years in Information Security, Governance, Risk and ComplianceMinimum 5+ years of IT and Cyber Security experienceRegulatory compliance, including information security management frameworks (e.g.,PCI-DSS, NIST CSF, ISO2700x, SANS Top 20 Critical Security Controls, SOX, COBIT)Experience actively governing risks and threats Experience conducting Risk Assessments and facilitating executive level risk discussionsPhysical demands for this position frequently include: the ability to remain in a stationary position, move about freely inside and occasionally outside of the office, and the operation of mechanical controls, such as a keyboard.Preferred QualificationsExperience in developing and implementing information security practices in a retail financial, or a highly decentralized corporate environmentInformation Security certifications: CISSP, CISM and CIPPIT Security experience in a large multi-site retail/financial retail environment.IT Security experience in large multi-vendor Cloud (AWS, Azure, Oracle) environments.Bachelor's degree in computer science or related fieldLearn More About UsThe Senior Manager of Information Security is part of the Information Services team, who works to design and drive the innovation that keeps us competitive. The IT team members are the first responders to global initiatives creating cutting-edge solutions that enhance and differentiate our customers' experiences, and the Service Desk provides a single point of contact to help meet our team members' technology needs. To learn more, visit Check out what's happening in our Company at information contained herein is not intended to be an all-inclusive list of the duties and responsibilities of the job, nor is it intended to be an all-inclusive list of the skills and abilities required to do the job. The Company may, at its discretion, revise the job description at any time, and additional functions and requirements may be assigned by supervisors as deemed appropriate. Requirements, skills and abilities included have been determined to illustrate the minimal standards required to successfully perform the position. All TMX Finance - Family of Companies Are Equal Opportunity Employers. PI129554691

Keywords: TMX Finance, Carrollton , Sr Mgr of Information Security, Accounting, Auditing , Carrollton, Texas