Security & Compliance Program Manager
Credit One Bank, N.A. is a data-driven financial services company based in Las Vegas. Founded in 1984, Credit One Bank offers a spectrum of credit card products for people in all stages of financial life. One of the fastest-growing credit card providers in the United States, Credit One Bank offers credit cards through the Visa®, Mastercard® and American Express® networks. Credit One Bank is the Official Credit Card of NASCAR®, the Las Vegas Raiders, the Vegas Golden Knights, and Best Friends Animal Society, and is a proud partner of WWE and Six Flags®. Learn more at CreditOneBank.com and on social media (@CreditOneBank) on Facebook, Instagram, Twitter, YouTube, and LinkedIn.
We are looking for highly qualified professionals at our state-of-the-art corporate headquarters in Las Vegas, NV. In addition to providing our card members with superior value and service, we are dedicated to providing engaging and challenging career opportunities for our employees. When you join the Credit One Bank team, we’ll help you be your best and support you so you can reach your full potential.
The Information Security & Compliance Program Manager is responsible for assessing and documenting the bank’s governance, compliance and risk posture as they relate to its information assets.
This position provides highly skilled administrative, technology and information security expertise for the development and implementation of the information technology / information security risk management and information security compliance programs. Responsibilities require leadership and project management experience, as well as the ability to ensure effective system-wide security analysis, standards and testing; risk assessment; awareness and education; and development of policies, standards and guidelines.
The Security & Compliance Program Manager may manage a combination of direct and matrix reports (analysts).
Reporting position: The Security & Compliance Program Manager reports to the Chief Information Security Officer (CISO). The position will have a ‘dotted’ line to the Chief Technology Officer.
Duties and Responsibilities
Leadership
- Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to information security program governance, risk assessments, compliance activities and decisions regarding risk, metrics and program improvements
- Operate with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates
- Perform other duties as assigned to ensure the smooth functioning of the department and maintain the reputation of the organization as a viable business partner
- Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified, managed and monitored
- Internally assess, evaluate and make recommendations to management regarding the adequacy of the (administrative and technical) security controls for the Bank’s information and technology systems
- Lead the system-wide information security governance and compliance program, ensuring Information Technology & Information Security activities, processes, and procedures meet defined requirements, policies and regulations
- Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with regulatory expectations and relevant legislation
- Execute a strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors
- Familiarity with Information Security and Industry compliance frameworks such as FFIEC, PCI DSS, NIST CSF, Center for Internet Security, etc.
- Communicate with all levels of staff, including Information Technology & Information Security management and staff, developers and other technical staff, general counsel, auditors, and technology vendors and contractors, in matters related to information security governance, policy, risk, compliance, and security awareness
- Work with Internal Audit, State and Federal regulators as appropriate on required security assessments, audits, and examinations
- Coordinate and track all information technology and information security related audits and examinations including scope of audits, timelines, auditing agencies and outcomes
- Work with auditors and regulators as appropriate to keep audit focus in scope, maintain excellent relationships with audit and regulatory entities and provide a consistent perspective on the bank’s governance, risk, and compliance efforts
- Provide guidance, evaluation and advocacy on audit responses
- Must be able to assess computer hardware, software, and systems for security risks (or violations) and work with Information Technology and Information Security, consultants, and bank vendors to recommend solutions
- Develop strategies to address awareness and training for all stakeholders as well as technical solutions. Must be able to assess the status of complex multi-location projects as well as identify and implement appropriate corrective measures to resolve issues as they arise. Must have a strong customer service orientation and the ability to project that attitude to customers in remote locations
- Contingency planning (BCP, DR)
- Collaborate with bank Business Continuity department on Information Security business continuity planning, disaster recovery planning, and testing
- Three to five years managing direct reports
- Three to five years of information technology experience including information security technology skills and expertise or one to three years of direct information security experience
- Knowledge of information technology risk management frameworks and compliance practices
- Knowledge of information technology and information security controls
- Ability to develop security policies, standards and guidelines based on best practices and industry frameworks
- One to three years of planning and managing information security projects
- Excellent interpersonal, communication, and presentation skills, including formal report writing experience
- Understanding of common security standards and regulations relating to a financial services environment, such as FFIEC, PCI DSS, NIST CSF, Center for Internet Security (CIS), MITRE ATT&CK, etc.
Credit One Bank, N.A. is an equal opportunity at will employer and does not discriminate against any employee or applicant for employment because of age, race, religion, color, disability, sex, sexual orientation or national origin.
Credit One Bank does not accept unsolicited resumes from agencies and is not responsible for related fees.
- Pay Type: Salary
- 6801 S Cimarron Rd, Las Vegas, NV 89113, USA