IT Compliance Specialist II Full Time

at Blackhawk Network London in London (Published at 04-10-2023)


About Blackhawk Network:

Blackhawk Network (BHN) is the leader in global branded payment technologies. We strengthen relationships between brands and their customers, employees, and partners by transforming transactions into connections. BHN’s portfolio includes: Gift Card & eGift products, promotions and distribution that grow revenue faster; Rewards & Incentives that build loyalty and acquisition and are integrated into today’s leading platforms; and Payments that enable businesses and customers to access and disburse funds in convenient and innovative ways. BHN’s network spans across the globe with over 400,000 consumer touchpoints. Learn more at BHN.com.
Overview:

Are you passionate about your work? Can you build solutions that scale vertically as well as horizontally? Do you find solving complex problems an exciting challenge? Are you looking to take the next leap in your career? Are you looking to be a key contributor in the World’s leading Anytime/Anywhere Payment Network? If you answered ‘Yes’, please read on…your career is at Blackhawk Network and we want to talk to you!



We are looking to hire an experienced IT Compliance and GRC Specialist to join the Blackhawk Information Security Organization. This position will have a critical role in ensuring the effectiveness of Blackhawk Network’s continuous compliance program and in driving information security, risk, and compliance initiatives that support the Global IT Security GRC & Risk Management program and BHN’s security programs. The qualified candidate will have solid experience supporting customer due diligence, security risk assessments, Cyber Essentials Plus, GDPR, ITGCs for financial reporting, SOC 2, ISO-27001, and/or PCI compliance assessments, including coordinating projects with external audit firms and internal technology teams and supporting compliant results. Additionally, the successful candidate will have good experience conducting technical assessments of information security controls and processes within data center and cloud environments. This candidate will coordinate with internal stakeholders to implement and manage a strong integrated security posture, in addition to serving as a trusted advisor to the business on security best practices and IT controls design.
Responsibilities:

  • Coordinate with internal security and technology teams to meet security and compliance requirements throughout the year.

  • Perform and document second-line monitoring of security and technology controls to track their effectiveness and the improvements implemented throughout the year.

  • Coordinate with external audit firms and internal technology teams during the internal prep and external audit assessments. Drive internal and external teams towards achieving compliant status.

  • Lead and support coordination of customer due diligence inquiries, audits, remediation, and follow-up activities.

  • Maintain accurate and up-to-date archives and records of internal assessment and external audit requests and deliverables in the GRC risk register and GRC system.

  • Organize and evaluate BHN controls to validate that they are implemented, maintained, and monitored through a security program that supports corporate initiatives, risk, and security compliance.

  • Continuously monitor and assess potential threats while managing vulnerability issues and risks in accordance with applicable compliance requirements or security risks.

  • Coordinate with platform owners, business stakeholders, business analysts, engineering, and project management teams to incorporate appropriate security controls and standards.

  • Provide guidance and support on InfoSec Red Team assessments and initiatives.

  • Develop and implement best practices for assessing and evaluating IT & security controls for the organization, third-party businesses, and provide M&A support.

  • Oversee IT Change Advisory Board activities as an advocate for effective change management controls.

  • Support incident response activities for all compliance related issues.

  • Lead engagements while providing technical oversight for audits, certification and other risk & compliance deliverables.

  • Collaborate with GRC and information security team members to optimize internal and external assessments and artifacts among PCI, ISO 27001, HIPAA, SOX ICFR/ITGC, SSAE-18 SOC2, and customer due diligence requests.

  • Manage multiple competing priorities in a fast-paced environment.

  • Research and understand emerging information security threats, vulnerabilities and countermeasures, and advise business and management accordingly.

  • Contribute to and drive remediation on related issues for the BHN Global Risk Program.

Qualifications:

  • 4 to 5 years of professional experience supporting security risk and compliance programs in the financial technology or electronic payments industry.

  • Excellent time management, organization, documentation, and detail-oriented skills with an aptitude for creative problem solving and ability to multi-task in a dynamic work environment.

  • Practical & technical understanding of network, infrastructure, application security, SDLC, cybersecurity domains, and cloud security controls.

  • Knowledge and experience in supporting a security compliance program and leading remediation efforts for relevant domestic and internationally accepted security standards and best practices such as Cyber Essentials Plus, PCI DSS, ISO 27001, HIPAA/HITECH, GDPR, NIST, OWASP, SSAE-18 SOC1, SOC2 TSC, and SOX ICFR/ITGC.

  • Proven track record in supporting and driving technical design and operational teams and utilizing analytics to help facilitate the decision-making process in complex environments.

  • Demonstrated ability to develop successful partnerships with internal and external stakeholders.

  • Highly developed oral and written communication skills; strong presentation skills.

  • Strong collaboration and information sharing with team members is essential.

  • Excellent technical communication and analytical skills; ability to simplify and report on complex technical functions and risks to senior leadership.

  • Experience in managing multiple initiatives in a global organization.



Education/Certifications:

  • Bachelor’s degree in Business, Information Systems, or Computer Science, or equivalent work experience.

  • 2 to 3 years of technical auditing experience with information security and technology.

  • 4 to 5 years of experience supporting security risk and compliance programs and working with an external audit firm.

  • Required security certification CISA; preferred CISSP.

  • Actively pursuing or already holding one or more industry-recognized security certifications such as CISM, CISSP, PCI-ISA, ISO 27001 Lead Auditor, PCIP, GSEC, CEH, or AWS Certified Security.

  • Professional services experience with a public accounting/management consulting/security advisory or QSA firm is a plus.



