Audit & Compliance Specialist

Audit & Compliance Specialist

=====================================================

Appy sending your resume to gabriela.aguilarperez@teleperformance.com before April 14th

 

Summary

Responsible for auditing all assigned Market departments, providing help as a security consultant to all areas of operation and support for information security best practices at local sites and supporting other sites by traveling and conducting audits internal or for any necessary continuous improvement.

Scope: Country Market

Responsibilities

·        Ensure all employees receive the security Awareness program

•        Follow up and execute activities related with the ISO 27001/PCI/SOC2/HITRUST/ISO27701/GECSP

•        Being the POC with operations for information security.

•        Ensure the fully compliance of the security contractual requirements of current local clients within the assigned sites

•      Execute internal audits at least on a quarterly basis (or for any business reason), ensuring the compliance and adherence to the internal policies and standards.

•      Collect, review and upload the necessary documentation/evidence into the corporate portal TP Policy according to the control frequency for security and data privacy controls.

•   Review within Service desk all the local request that require authorization from Information Security in order to ensure the security compliance.

•        Provide support on incident response related tasks.

•        Execute all the security risk assessment for each line of business

•        Follow up and report security compliance metrics to managers and above.

•       Provide support as a security consultant to all operation and support areas for any Information Security best practices on the local sites.

•        Ensure that the security culture is implemented and continuously improved within the designated sites.

•        Proper follow up to all policy compliance incidents.

•        Propose ideas to the possible solutions to mitigate security risk behaviors.

•      Execute internal audits at least on a quarterly basis (or for any business reason), ensuring the compliance and adherence to the internal GECSP policies.

•     Provide support for internal and external audits at least once a year or for any business reason, ensuring the compliance and adherence to the security international standards, frameworks and best practices such as PCI DSS, ISO IEC 27001:2013, SOC2 Type 1&2, HIPAA/Hitrust, ISO 27701 and others.

•        Provide support to client Security Audits.

•        Maintain all risks Documents and review with the OSM.

•        Implement Security controls to mitigate all risks detected on the SRA.

•    Follow up and document all activities related to Corrective Actions (Fraud investigations, external/internal and client audits, security frameworks such as PCI DSS, ISO IEC 27001:2013, SOC2 Type 1&2, HIPAA/Hitrust, ISO 27701 and others)

·        Attend to site meetings to ensure the correct execution of the security controls implemented throughout the internal processes.

•        Attend actively to the weekly meetings with the different department leads and managers in each site assigned.

•    Execute the signing process for all Security Policies at all levels of the site(s) or subsidiary and report the status in a weekly basis manager, directors and C-Levels

•        Execute the process of Monthly Security Communication Acknowledge and report the status in a weekly basis to managers

•        Monitor and resolve daily operational requirements effectively in accordance with GECSP policies, TISPS Standards and Privacy

·        Controls, best practices and international security standards.

•        Report to the Hotline any possible security fraud incidents.

•        Give local support for any security training.

•        Give support to other sites of TP NSR by traveling and performing internal audits or for any continuous improvement needed.

•        Be part of the Incident Management Team of the Business Continuity Plan (BCP) for the assigned sites.

•        Document and follow up on the Business Continuity Plan implementation, test exercises and action plans.

•        Information Security management system document control.

•        Risk analysist for software implementation.

•        Monitoring and ensure the proper compliance at all times of the Global Essentials Compliance and Security Policies within  operations and support areas.

•        Attend to site meetings to ensure the correct execution of the security controls implemented throughout the internal processes.

•        Monitoring and ensure the proper compliance at all times of the Global Essentials Compliance and Security Policies within operations and support areas.

 

Education and Specific Training:

• Completed career in Industrial or Process Engineering or Criminalistic currently studying if the following work experience is met.

•        1 year of experience in the role or similar positions

•        Knowledge in Continuous Improvement (Six Sigma, Lean, etc.).

•        Knowledge on any Management System such as ISOs or PCI.

•        Knowledge on Information Technology / Information Security related fields.

•        Experience on elaborating Standard Operating Procedures (SOPs), policies, standards, or related documentation.

•        Previous experience on security auditing is a plus.

•        Internal auditor certification

•        Preferred Certification Information Systems Auditor (CISA)

•        ISO 27001 and PCI knowledge.

•        English 80% (B2 Minimum)

•        Intermediate knowledge in the use of the Microsoft Office suite (Word, Excel, PowerPoint,

•        Office 365 tools, etc.). Advanced knowledge is a plus.

 

Site: Nahui B&M 9:00 am -6:00 pm

IMPORTANT:

You must have at least 6 months  of tenure in your current position to apply and no administrative penalties in the last 90 days applies for administrative positions .

·         Please have your manager send a feedback lette to gabriela.aguilarperez@teleperformance.com  (attached for your reference)

·         Only applications with resume will be considered, please be sure to attach this document in the email.

 

At TP México, consistent with our diversity and inclusion policy, we guarantee that our Talent Attraction process is free of discrimination based on conditions such as biological sex, sexual orientation, gender identity and expression, ethnic origin, nationality, age, civil status, social condition, health status, religious beliefs, political doctrine, disability or any other protected by law, will not be an adverse reason to advance your career with us and if you decide to share this information it will be treated confidentially.

 

At TP we celebrate and value diversity