Lead Cyber Security SOC Controls


Job Details

This role resides in the Cyber Risk & Compliance area which is responsible for defining, implementing, and leading the Cyber Risk & Compliance function in the Safelite Organization. It creates Soc1 and SOC2 risk management oversight; establishing and managing the controls framework and relevant standards; overseeing applicable security, privacy, contractual and compliance requirements through strategy development and deployment, controls definition and assessment (internal & external) together with process oversight, through three areas under its remit, Risk Management, Privacy and Technical Compliance with a small team of specialists in each area.

This is a role carries out the Safelite SOC1 and SOC2 compliance management function within the Belron Trust group under the North American CISO, reporting to the Head of Cyber Risk & Compliance. It assists in the delivery of the security risk management for Safelite, with a focus on generating and monitoring the SOC 1 and 2 program, engaging with key stakeholders. It will ensure that all functions have clear business owners for the points of focus, control objectives and any risks are reviewed and updated regularly. It will assist Safelite working towards a SOC 2 type 2 attestation.

It requires an ability to balance a hands-on approach to security compliance and risk management where necessary, with an ability to self-direct, prioritize and manage work in plus the improving the quality of service provided to Safelite regardless of delivery method (internal or 3rd party) with respect to information security and risk.

Information Security, financial processes, and services within Safelite are maturing and a key part of this role will be to work with the Head of Cyber Risk & Compliance together along with the CISO for North America to help define, regulate, and improve these as part of the virtual security team.

This role forms part of the wider strategic Trust program being developed focusing on the reduction of information risk to Safelite. It requires knowledge of information security activities across technology, process, and governance as well as in depth risk management.


What Youll Do

  • Help design, develop, and deploy across Safelite SOC1 and SOC2 management programs that focus on the monitoring of controls and ensuring compliance.
  • Develop and deploy processes within the Safelite SOC1 and 2 program where they dont exist and where they do ensure they meet the Belron group standard for information security risk management and control.
  • Enhance existing Information Security risk processes (where they exist) to extend coverage and give better definition of SOC1 and SOC2 assurance for Safelite.
  • Where such processes dont exist, establish them working with each function to ensure effectivity and consistency with the Safelite Risk management policy.
  • SOC 1 and SOC 2 governance involve external risk reporting to stakeholders.
  • Conducting audits of policy and compliance to SOC1 and 2, including liaison with internal and external auditors where needed.

What Youll Need

  • Bachelors degree in computer science or equivalent work experience.
  • Formal Risk Management qualification or equivalent (e.g Certified ISMS Risk Management (CIS RM), CISM or equivalent).
  • One or more of the following qualifications are highly desirable:
    Certified Information Security Manager (CISM)
    Certified Information Systems Security Professional (CISSP)
  • Minimum 8+ years experience in information security governance and assurance - focusing on risk management.
  • Minimum 8+ years experience in generating, deploying, and managing risk management control programs within large, diverse corporate businesses.
  • A minimum of 7 + years of experience within an information discipline with a formal information security qualification.
  • Minimum 3-6 years experience in managing third party companies risk assessment and evaluations.
  • Experience of SOC 1 and 2 type 2.
  • CPPA enforcement and data process mapping experience within a large complex corporate organization.
  • Experience in supporting an Information Security compliance regime such as PCI DSS.
  • Ability to maintain composure and continue to function effectively under pressure.
  • Excellent presentation, communication and interpersonal skills required.
  • Comfortable interacting effectively at all levels of the Belron and group companies.
  • In-depth knowledge of information security risk management and its effective application within group and subsidiary companies.
  • A good understanding of legislation and regulations that impact information security (CPPA, GDPR).
  • Self- starter with the ability to work independently.
  • Excellent verbal communication and interpersonal skills.
  • Excellent writing and documentation skills.
  • Good analytical skills with the ability to tailor an approach based on data and information received.
  • Ability to think and plan strategically balanced against the need to deliver.
  • Actively drives the sharing of best practice for Security Risk Management.
  • Ability to travel may be required within USA, and occasionally to Europe in order to effectively support the North American CISO, but this is not envisaged to be regular

What Youll Get

  • Competitive weekly pay and bonus opportunities.
  • A benefits package valued at more than $10k*. This includes a 401(k) plan with company matching, medical coverage plans customized to suit your needs and a commitment to work/life balance through our paid time off (PTO) programs, company holidays and paid volunteer days.
  • Up to $5,250 annually in tuition reimbursement.
  • View all our health, wealth, and life offerings at www.safelitebenefits.com.

******************************************************************************************************************************************





 Safelite

 04/28/2024

 Columbus,OH


JobsPlenty.com - Job Search Engine © 2024 • TermsPrivacyContact | HIPLEX LLC