Information Security Manager
Virginia Beach, VA, United States
Sutherland
Sutherland is a business process transformation company that rethinks & rebuilds business processes for the digital age.
Company Description
About Sutherland:
Artificial Intelligence. Automation. Cloud engineering. Advanced analytics. For business leaders, these are key factors of success. For us, they’re our core expertise.
We work with iconic brands worldwide. We bring them a unique value proposition through market-leading technology and business process excellence.
We’ve created over 200 unique inventions under several patents across AI and other critical technologies. Leveraging our advanced products and platforms, we drive digital transformation, optimize critical business operations, reinvent experiences, and pioneer new solutions, all provided through a seamless “as a service” model.
For each company, we provide new keys for their businesses, the people they work with, and the customers they serve. We tailor proven and rapid formulas, to fit their unique DNA. We bring together human expertise and artificial intelligence to develop digital chemistry. This unlocks new possibilities, transformative outcomes and enduring relationships.
Sutherland
Unlocking digital performance. Delivering measurable results
Job Description
Sutherland is seeking a reliable and technical person to join us as an Information Security Manager. We are a group of hard-working and energetic individuals. If you are looking to build a fulfilling career and are confident you have the skills and experience to help us succeed, we want to work with you!
The Manager - Technology Risk Management, Information Security resource will perform security assessments to ensure compliance with internal policies, controls, and standards, as well as client and regulatory security requirements. These assessments include reviewing technological, operational, and process controls to evaluate the design and implementation of security controls.
The individual will also perform risk assessments and monitor for adherence to customer requirements, ISO 27001 requirements, PCI DSS requirements, and other regulatory compliance requirements. Additionally, the individual will participate in PCI DSS audits, Service Organization Controls (SOC) audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance / regulatory audits occurring at various sites.
This position may be based anywhere in the United States and the individual will report to the Director of Information Security, Americas. The role will occasionally require travel and the individual will interface closely with Service Delivery, other members of the global Information Security team, and other functions across Human Resources, Physical Security, Information Technology, and Facilities.
Responsibilities:
- Assist with assessments of information security controls to measure the effectiveness of controls and identify control gaps
- Identify, assess, and prioritize identified risks
- Collect evidence, artifacts, and document findings to support conclusions
- Report on compliance with internal policies, controls, and standards
- Provide recommendations for remediation of identified deficiencies
- Track and report on findings/deficiencies to closure
- Participate in third-party risk assessments and audits, to include HIPAA audits, PCI DSS audits, Service Organization Controls (SOC) audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance / regulatory audits
- Track remediation efforts and report on the status of control deficiencies
- Support information security investigations in the respective areas of responsibility
- Support security initiatives and global policy adherence and awareness efforts in the areas of responsibility
- Ensure that new client engagements, in the areas of responsibility, adhere to the required information security controls and policies
- Enforce policy adherence and coordinate formal policy exception requests
- Ensure compliance with standards and regulations such as ISO 27001, PCI DSS and national information security laws
- Provide timely updates on assessments and assigned projects
- Build relationships and partner with business units and IT departments
Qualifications
- Excellent oral and written communication skills with the ability to interact and communicate with technical personnel, non-technical personnel and senior management
- Proactive, flexible and able to work independently, adjusting quickly to changing priorities and conditions
- Must demonstrate strong leadership attributes as well as the innate ability to follow and be a supportive team member
- Bachelor’s Degree in Computer Science, IT, Security, or related field; Master’s degree in related field a plus
- 7 to 10+ years of experience in IT Security, Risk & Compliance, or IT Audit. Experience and knowledge of information security concepts / principles and audit / risk assessment methodologies
- Strong working knowledge needed to independently conduct internal audits and validate compliance with information security and privacy requirements under ISO 27001, PCI DSS, HIPAA, HITRUST, GDPR, GITC/SOC 1 and SOC 2 standards
- Excellent knowledge of security and technology architecture.
- Certification Requirements: CISA, CISM, CISSP, CRISC, PCI-QSA, CGEIT, and/or CIA (IIA) certifications a plus
Additional Information
EEOC and Veteran Documentation
During employment, employees are treated without regard to race, color, religion, sex, national origin, age, marital or veteran status, medical condition or handicap, or any other legally protected status.
At times, government agencies require periodic reports from employers on the sex, ethnicity, handicap, veteran and other protected status of employees. The purpose of this Administrative EEO Record is for statistical analysis only and is used to comply with government record keeping, reporting, and other legal requirements. Periodic reports are made to the government on the following information. The completion of the Administrative EEO record is optional. If you choose to volunteer the requested information, please note that all Administrative EEO Records are kept in a Confidential File and are not part of your Application for Employment or Personnel file.
Please note: YOUR COOPERATION IS VOLUNTARY. INCLUSION OR EXCLUSION OF ANY DATA WILL NOT AFFECT ANY EMPLOYMENT DECISION.
Tags: Analytics Artificial Intelligence Audits Automation CIA CISA CISM CISSP Cloud Compliance Computer Science CRISC GDPR HIPAA HITRUST ISO 27001 PCI DSS Privacy Risk assessment Risk management Security assessment SOC SOC 1 SOC 2
Perks/benefits: Flex hours