· EWAP Audit Manager
· Headcount: 1
· Site: Ayala (Currently on a work from home)
· Schedule: Night Shift
· Budget: 80 – 110K
The Audit Manager, will manage a team of information security professionals that help to define, and maintain the overall information security and audit program.
This function ensures that the EWAP Audit program is kept current by staying informed about new legal, regulatory and contractual requirements, incorporating new threats, vulnerabilities, risks, business requirements and other variables that may affect elements of the program, and ensuring that applicable requirements are appropriately addressed.
The function also provides Senior Management with status reports on the status of audit program within the company.
The Manager, acts as the security point of contact for internal and client assessments, manages the day-to-day aspects associated with implementation of the EWAP security and audit program, policies, and procedures, and guides the team in assessing the adequacy of evidence, security controls, and documentation.
This function will also be key performing internal assessments, facilitating client audits and potential client inquiries.
The successful candidate will have strong communication skills, and be capable of directing a geographically disperse group of information security professionals.
In this role, the Manager will provide guidance on the industry standards and regulatory requirements, communicate security concepts, policies, standards, procedures, and provide ongoing support.
Works with department heads, managers and directors of different business units for the provision of updates, communication of issues resolutions and program plans.
External contacts include clients and their auditors.
The successful candidate will have a firm understanding of risk management principles and is able to easily articulate that understanding while helping others to improve.
Is willing to actively seek opportunities to develop new approaches to meet new goals. Grasps and applies advanced concepts.
Stays abreast of new tools, technologies, and techniques, and implements them as solutions to business and technical problems.
Responsibilities also include:
• Oversee EWAP Audit team
• Define, develop and administer Audit performance indicators and security metrics
• Oversee internal operating controls, processes and practices
• Manage and track status of Audit team performance, initiatives and projects
• Works with global security team in the creation of policies, procedures, guidelines or controls to ensure it is current, adequate, functional, utilized in accordance with standards, legal and regulatory requirements.
• Engage with multiple stakeholders in aligning current business processes with security standards/obligations such as PCI DSS, ISO27001 and ISO27002, HIPAA, BITS, etc.
• Identifying and remedying security deficiencies and gaps with business suitable controls
• Review Statements of Work, Master Service Agreements, and other contracts for security obligations and identify areas of exposure
• Serve as liaison between multiple function within the organization to maximize the adoption of and support for security and compliance plans and procedures within the organization.
• Serve as a liaison between the organization, the client, and security auditors concerning information security and compliance
• Enhance Audit program providing guidance and expertise
• Identify and lead the appropriate subject matter experts to participate in the identification and analysis of risk scenarios
• Participate in BCP/DR related activities
• Will be called upon to provide innovative risk management solutions
• Completes all special projects and other duties as assigned.
· Required Skills:
Experience in a regulated (financial, pharmaceutical, health care, etc.) industry is highly desired.
One or more of the following certifications is highly preferred: CEH, CISSP, CRISC, CISA, ECSA, CHFI, CFE, MCSE, CCNA, CCNP SKILLS/PERSONAL ATTRIBUTE
Clear awareness of the security and compliance function
Strong decision-maker focused on the business value of Security
Adapts rapidly to changing circumstances
Focused on business needs Innovative in thinking and delivery orientated
Works across teams, functions and organizations
Takes personal accountability and ownership
Effectively manage risk and ambiguity
Clear and concise verbal and written skills
Excellent command of decision making techniques
Strong influencing skills
Able to manage performance issues
Builds a productive team that functions smoothly
Able to develop effective and achievable plans
Very good problem solving skill