Information Security Compliance Consultant
Cambridge, England, United Kingdom
Visa
Visa's digital and mobile payment network is at the forefront of new payment technologies, including electronic and contactless payments, that shape the world of money.
Company Description
Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.
Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.
Job Description
At Visa, we are passionate about making a difference. We lead the way in disrupting fraud from multiple vectors. In this role you will be joining an exciting, innovative business new to the Visa family.
At Featurespace, we strive to be the world’s best software company at protecting our clients and their customers from fraud attacks. We do that with personality, heart and professionalism, cultivating an innovative, fun and positive team atmosphere where everybody can contribute to solving our clients’ problems in new, innovative ways. We are always seeking to be the best at what we do and make our customers smile.
The Opportunity
In your role as Information Security Compliance Consultant, you will help us achieve our goals and deliver success on behalf of our customers by
- Building and overseeing our Information Security controls framework and environment in line with the Visa Key Controls and industry standards, ensuring enterprise-wide security compliance to required certifications. Leading on the preparation for any new certifications.
- Collaboratively creating, implementing and maintaining security policies, standards and procedures which improve our posture in alignment with industry best practice and internationally recognised compliance standards.
- Ensuring the annual successful execution of all compliance recertification efforts by leading and coordinating our preparation, responses and submissions for certifications and regulatory regimes such as PCI DSS, SOC 2, ISO 27001, DORA etc.
- Providing assurance to our customers by coordinating the responses to customer RFP questions and customer audits in the Information Security area.
- Coordinating with and supporting the Visa Legal, Risk & Compliance team in understanding and quantifying security risk, responding to third-party requests and performing security assessments of our suppliers, their products and services.
- Driving our security awareness programme, aligned with the Visa programmes, promoting security within Featurespace and collaborating with our customers and industry partners to develop the maturity and standing of security within our industry.
- Acting as a subject matter expert on compliance requirements and consulting across the enterprise, gaining buy-in to ensure our products and services are "secure and compliant by design".
Responsibilities
As a company we hire people with a willingness to adapt to a variable role, so along with the key responsibilities below, we ask for ownership of any other duties as required.
- Create, review, update and complete information security policy, standards, and guidelines, maintaining document management disciplines and dependency mapping; consulting with and coordinating the input of SMEs as needed.
- Conduct security risk assessments, business impact analyses and recommend appropriate control improvements. Provide oversight and assurance of corrective, preventative or remediation activities, escalating issues at risk of missing deadlines in a timely and efficient manner.
- Maintain security risk registers in collaboration with the Visa Risk and Compliance teams which document and quantify risks, track remediation plans, risk ownership and acceptance, and which facilitate regular reviews, prioritisation and overall residual risk reduction.
- Coordinate and lead our responses to customer RFP questions and security audits in a timely and efficient manner, helping to create repeatable, re-usable answers and examples for common questions and ensuring all responses are traceable to SMEs and responsible teams within the organization. Represent the Information Security Department directly with customers when required.
- Lead the adoption and customisation of the Visa third party security assessment programme into Featurespace. Coordinate the adoption of the assessment programme and conduct additional risk-based information security due diligence activities against suppliers (developing and maintaining customised questionnaires and collating responses, enhancing the supporting processes where applicable) to provide appropriate levels of assurance to key stakeholders when needed.
- Stay up to date with the latest security and technology trends and development. Research and evaluate emerging security threats and closely monitor and understand current and potential changes to compliance frameworks and regulations, making recommendations on mitigations and programs for the organization to address them.
- Lead the adoption and customisation of the Visa Security Awareness and Training programme for Featurespace to ensure that security architecture and compliance concepts and best practices are embedded throughout the business. Develop, facilitate and deliver education and training for employees required to uphold compliance and for general security awareness. Ensure any bespoke compliance training is regularly updated, and completion rates monitored.
- Consult with internal teams, clients, auditors, and regulators regarding information security compliance, and related topics as necessary. Act as a subject matter expert when internal teams have questions/need guidance and be a liaison with external compliance advisory firms as well as the governing body and industry communities.
- Liaise with internal teams and stakeholders (e.g. Legal, Privacy, GDPR, Risk and Compliance) in relation to security compliance to ensure coordination of requirements, agreed controls and shared consistent documentation and tooling wherever possible.
- Gain knowledge and understanding of our goals and culture and ensure that our control and compliance framework delivers the information security architecture and compliance strategy aligned with industry best practices and the company security posture defined by Visa and the Featurespace CISO.
- Contribute advice and guidance for departmental security strategies to manage identified risks and ensure adoption and adherence to standards and compliance frameworks.
- Develop and maintain documentation, controls, processes, workflows, metrics, reporting, solutions, and applications/tools as needed to ensure effective operation and visibility of the state of the compliance function.
- Engage as required during actual and simulated incidents and recovery operations.
- Ensure all processes and controls that fall within your area of responsibility are operating effectively and are correctly evidenced.
- Travel periodically as required for customer, company, or relevant events.
Qualifications
Required experience:
- Demonstrable experience ensuring information security compliance, preferably in highly regulated environments.
- Extensive experience working with, building, and successfully implementing a range of security control frameworks including ISO 27000 and SOC 2, e.g. having worked as an ISO 27001 Lead Auditor/Implementer.
- Experience of ISMS, security risk management and associated practices.
- Experience of performing internal or third-party security compliance assessments.
- Bachelor's degree preferred in information assurance, computer science, engineering, or a related field.
- Ability to multi-task, work calmly under pressure, think analytically, understand complex systems and communicate complexity effectively.
- Ability to communicate clearly with both technical and non-technical staff and stakeholders at different levels across the business.
- Excellent written and verbal communication as well as good presentation skills. Proficient English language skills are required.
- Be able to build relationships and influence actions from all areas of the business including senior leadership, engineering teams and auditors and regulators.
- Ability to adapt and stretch capabilities and skills to meet the business needs of a fast-growing technology firm.
- Ability to create repeatable and re-usable principles, processes and solutions.
- Broad knowledge / understanding of basic technical security controls / control frameworks including, but not limited to, areas such as cloud computing, network security, endpoint security and identity and access management, etc.
- Knowledge of common security vulnerabilities/risk factors in information processes, infrastructure and applications, e.g., Separation of Duties, CVEs, OWASP Top 10, etc.
Great to have:
- Preferably one or more of the following security qualifications: ISO 27001 LI/LA, PCIP, ISA, CISA, CISM or similar
- Strong/Deep understanding of information security controls, technologies, policies, processes, and best practices as applied to applications, compute, networking, cloud, and containers.
- Experience / knowledge of Financial Services compliance such as PCI DSS
Additional Information
Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.