Security Specialist

Location: Framingham, Massachusetts
Posted On: 9/14/2017
Job Code: 5470_CONSECCOM_MA
Job Description:

The Information Security Compliance candidate will be responsible for helping demonstrate Staples' compliance posture relative to Information Security within the company and to external parties by driving Staples' continued compliance efforts with external and internal requirements. This includes maintaining the security controls required primarily by PCI and other regulatory compliance frameworks.

This role’s responsibilities include:
• Support the identification, implementation, and maintenance of security controls required by PCI and other regulatory compliance frameworks in a collaborative manner with other key stakeholders
• Participate in the development and oversight of required corrective action plans relating to security compliance and PCI issues
• Provide oversight in order to monitor and maintain the Staples GRC platform (Archer)
• Support security assessments, develop mitigation plans, and work with internal project managers to assign responsibility
• Establish and manage the security risk assessment for new and ongoing projects and advise on architectures, security, and mitigating controls
• Understand technical implementation details necessary to assess and design practical security controls in conjunction with other Staples functional areas
• Partner with team members and cross-functional groups to ensure programs align with PCI compliance requirements
• Assist with responding to external PCI auditor requests inquiring about Staples' security posture
• Promote security compliance internally while maintaining Staples' core values of transparency, fairness and trust

Required Experience:
• 8 - 10 years of experience in information security, preferably in the audit and compliance-related field
• Experience with PCI Compliance, preferably as an active Internal Security Assessor (ISA) or Qualified Security Assessor (QSA)
• Deep understanding of PCI Data Security Standards and other security frameworks such as ISO 27000 Series, NIST, etc.
• Experience working with GRC platforms – Archer GRC v6 strongly preferred
• Experience in performing information security risk assessments
• Strong foundation in and in-depth technical knowledge of security engineering, computer and network security, authentication, and security controls
• Strong understanding of most of the following common security compliance frameworks, controls, and best practices: OWASP Top 10, SANS CIS Critical Security Controls, SSAE 16 (SOC 2 and SOC 3), regulations governing personally identifiable information (PII), and other applicable regulatory compliance frameworks
• History of successful engagements with external auditors for various compliance audits
• In-depth understanding of network and system security technology and practices across all major computing areas
• Security certifications desired, such as CISA, CISSP, CISM, CRISC, ISO 27001, etc.
Category: IT
Job Requirements: Engineering, ISO 9001, SAN

Contact Details
Devyanshu Agrawal