Virginia Beach, Virginia, USA
10 days ago
Information Security Manager

Company Description

About Sutherland: 

Artificial Intelligence. Automation. Cloud engineering. Advanced analytics. For business leaders, these are key factors of success. For us, they’re our core expertise.

We work with iconic brands worldwide. We bring them a unique value proposition through market-leading technology and business process excellence.

We’ve created over 200 unique inventions under several patents across AI and other critical technologies. Leveraging our advanced products and platforms, we drive digital transformation, optimize critical business operations, reinvent experiences, and pioneer new solutions, all provided through a seamless “as a service” model.

For each company, we provide new keys for their businesses, the people they work with, and the customers they serve. We tailor proven and rapid formulas, to fit their unique DNA. We bring together human expertise and artificial intelligence to develop digital chemistry. This unlocks new possibilities, transformative outcomes and enduring relationships.

Sutherland

Unlocking digital performance. Delivering measurable results

Job Description

Sutherland is seeking a reliable and technical person to join us as an Information Security Manager. We are a group of hard-working and energetic individuals. If you are looking to build a fulfilling career and are confident you have the skills and experience to help us succeed, we want to work with you! 

The Manager - Technology Risk Management, Information Security resource will perform security assessments to ensure compliance with internal policies, controls, and standards, as well as client and regulatory security requirements. These assessments include reviewing technological, operational, and process controls to evaluate the design and implementation of security controls. 

The individual will also perform risk assessments and monitor for adherence to customer requirements, ISO 27001 requirements, PCI DSS requirements, and other regulatory compliance requirements.  Additionally, the individual will participate in PCI DSS audits, Service Organization Controls (SOC) audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance / regulatory audits occurring at various sites. 

This position may be based anywhere in the United States and the individual will report to the Director of Information Security, Americas.  The role will occasionally require travel and the individual will interface closely with Service Delivery, other members of the global Information Security team, and other functions across Human Resources, Physical Security, Information Technology, and Facilities.

Responsibilities: 

Assist with assessments of Information security controls to measure the effectiveness of controls and identify control gaps
Identify, assess, and prioritize identified risks
Collect evidence, artifacts, and document findings to support conclusions
Report on compliance with internal policies, controls, and standards
Provide recommendations for remediation of identified deficiencies
Track and report on findings/deficiencies to closure
Participate in third-party risk assessments and audits, to include HIPAA audits, PCI DSS audits, Service Organization Controls (SOC) audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance / regulatory audits
Track remediation efforts and report on the status of control deficiencies
Support information security investigations in the respective areas of responsibility
Support security initiatives and global policy adherence and awareness efforts in the areas of responsibility
Ensure that new client engagements, in the areas of responsibility, adhere to the required information security controls and policies
Enforce policy adherence and coordinate formal policy exception requests
Ensure compliance to standards and regulations such as ISO 27001, PCI DSS and national information security laws
Provide timely updates on assessments and assigned projects
Build relationships and partner with business units and IT departments

Qualifications

Excellent Oral and Written Communication Skills with the ability to interact and communicate with technical personnel, non-technical personnel and senior management
Proactive, flexible and able to work independently, adjusting quickly to changing priorities and conditions
Must demonstrate strong leadership attributes as well as the innate ability to follow and be a supportive team member
Bachelor’s Degree in Computer Science, IT, Security, or related field; Master’s degree in related field a plus
7 to 10+ years of experience in IT Security, Risk & Compliance, or IT Audit. Experience and knowledge of information security concepts / principles and audit / risk assessment methodologies
Strong working knowledge to independently conduct internal audits and validate compliance against information security and privacy requirements against ISO 27001, PCI DSS, HIPAA, HiTrust, GDPR, GITC/SOC 1 and SOC 2 standards
Excellent knowledge of security and technology architecture.
Certification Requirements: CISA, CISM, CISSP, CRISC, PCI-QSA, CGEIT, and/or CIA – IIA certifications a plus

Additional Information 

EEOC and Veteran Documentation
During employment, employees are treated without regard to race, color, religion, sex, national origin, age, marital or veteran status, medical condition or handicap, or any other legally protected status.
At times, government agencies require periodic reports from employers on the sex, ethnicity, handicap, veteran and other protected status of employees. The purpose of this Administrative EEO Record is for statistical analysis only and is used to comply with government record keeping, reporting, and other legal requirements. Periodic reports are made to the government on the following information. The completion of the Administrative EEO record is optional. If you choose to volunteer the requested information, please note that all Administrative EEO Records are kept in a Confidential File and are not part of your Application for Employment or Personnel file.
Please note: YOUR COOPERATION IS VOLUNTARY. INCLUSION OR EXCLUSION OF ANY DATA WILL NOT AFFECT ANY EMPLOYMENT DECISION.
