Senior Manager, Information Security Compliance &
Overland Park, KS 66213
The Senior Manager, Information Security Compliance & Risk leads QTS Information Security Compliance and Risk teams and reports to the QTS Chief Information Security Officer. QTS has embraced a risk-based approach for information security and compliance, and in this position, you will manage a team of information security compliance and risk professionals, working to build and maintain an information security compliance and risk program to manage information security compliance, identify risk, and make recommendations for managing information security risk.
RESPONSIBILITIES, other duties may be assigned.
- Lead the QTS compliance team and manage the planning, execution, and health reporting of QTS Compliance programs (SOC 1, SOC 2, ISO 27001, PCI DSS, FISMA, and HITRUST) including:
  - Compliance Program Monitoring – Monitor and report on the health of the QTS Compliance programs, including compliance program control operating effectiveness.
  - Compliance Implementations – Manage the implementation of new QTS compliance programs, or existing compliance programs for new sites.
  - Compliance audit support – Support the QTS compliance program audits.
  - Customer Compliance Support – Support of QTS customer compliance & information security inquiries, questionnaires and audits.
- Lead the QTS Information Security Risk team to manage information security risk including:
  - Manage and grow the QTS vulnerability management program including network and web application scanning.
  - Manage the QTS information security risk program, overseeing internal risk assessment.
The Senior Manager, Information Security Compliance and Risk can be located in any of these three QTS locations: Overland Park, Kansas; Suwanee, Georgia; or Ashburn, Virginia. This position will require up to 15% travel to QTS data center locations as required. The ideal candidate will have a broad base of experience in Information Security Compliance and Risk, both as a contributor and leader.
In addition to QTS Core Values, the candidate should be skilled in the following areas:
- Management & Leadership – Lead, develop, grow and work with a cohesive team through establishment of clear direction, identification of employee strengths and opportunities, and alignment of company goals with departmental and employee goals.
- Quality Team Decision Making – Develops engagement plans and approaches for success of department projects. Identifies company control solutions and develops conclusions through analysis of multiple data sources and input of cross-functional team members.
- Consulting Style Communication skills – Effective at recommending solutions across the organization at all levels for compliance and information security risk challenges. Skilled at cross-organizational communication and influence, sometimes working to influence in the absence of direct authority.
- Information Security Compliance and Risk – Strong knowledge of information security compliance programs from both the standards and practical implementations, as well as information security risk management and demonstrated success in effectively managing information security risk.
- A Bachelor’s degree or equivalent professional experience
- Ten or more years performing or supporting information technology audits, compliance, and/or risk assessments.
- Ten or more years of experience with information security risk management, especially vulnerability management.
- Prior people leadership experience, preferably five or more years of direct people management experience.
- Six or more years of experience and strong knowledge in at least three of the following compliance standards:
  - HITRUST
Attainment of one or more of the following certifications:
- GIAC Security Essentials (GSEC)
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Systems Control (CRISC)
- GIAC Critical Controls Certification (GCCC)
We conform to all the laws, statutes, and regulations concerning equal employment opportunities and affirmative action. We strongly encourage women, minorities, individuals with disabilities, and veterans to apply to all of our job openings. We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, or national origin, age, disability status, Genetic Information & Testing, Family & Medical Leave, protected veteran status, or any other characteristic protected by law. We prohibit retaliation against individuals who bring forth any complaint, orally or in writing, to the employer or the government, or against any individuals who assist or participate in the investigation of any complaint or discrimination claim.