Security Risk And Compliance Management Specialist

Mexico - Remote (Jalisco/Mexico Only)

Rackspace
As a cloud computing services pioneer, we deliver proven multicloud solutions across your apps, data, and security. Maximize the benefits of modern cloud.

PRIMARY RESPONSIBILITY: Acts as an advocate in the development of the overall information security program globally. Creates and performs global IT Risk and Compliance assessments. Assists in the development and execution of information security, compliance, and risk best practices globally through audits, assessments, and policy-making.

Knowledge/ Skills

  • Excellent written and verbal communication skills.
  • Able to communicate with all levels of the organization.
  • Aptitude to develop and maintain internal and external business relationships and to leverage those relationships in pursuit of goals and responsibilities. 
  • Excellent analytical skills to analyze and evaluate technical information.
  • Strong knowledge of application and system vulnerabilities and exposures.
  • Knowledge of basic system, network, and operating system hardening techniques.
  • Excellent knowledge of Information Assurance (IA) principles and tenets (confidentiality, integrity, availability, authentication, non-repudiation).
  • Strong knowledge of network architecture concepts including topology, protocols, and components.
  • Knowledge of network communication protocols and directory services.
  • Knowledge of network security architecture and risks associated.
  • Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems. 
  • Strong knowledge of security policies and practices, including ISO 27001 and Payment Card Industry (PCI).
  • Ability to work independently on tasks and take ownership of projects.

Job Complexity

  • Collaborates across the organization to execute and mature the Risk Assessment process, including developing all necessary charters, processes, methodologies, and reports.
  • Participates in cross-functional workgroups and planning meetings to promote ideal solutions that meet the objectives of both the business and the IT Risk, Compliance, and Information Security team. Where ideal solutions cannot be found, identifies and reports enterprise-level risks and failures to management for escalation.
  • Promotes sharing of expertise through consulting, presentation, and documentation. Assists in training other Information Security, IT Risk, and compliance staff.
  • Communicates the value of IT Risk, Compliance, and Information Security within the organization. Continuously validates the organization against additional mandates, as developed, to ensure full compliance.
  • Assists in training other Compliance or Security staff where necessary.
  • Communicates the value of Compliance and Information Security within the organization. 
  • Coordinates cross-functionally to ensure a holistic approach to security and compliance across the organization.
  • Evaluates, monitors, and ensures compliance with IT Risk and Information Security policies, standards, guidelines and relevant legal and regulatory requirements. 

Risk

  • Conducts IT Risk and Information Security due diligence activities relative to vendors and third parties. Conducts risk assessments and documents findings where the deviation from an information security or IT Risk policy or standard is desired. Creates risk remediation plans with business owners and follows through in the implementation of changes.  

Compliance

  • Conducts annual audits for industry specific reports, including PCI, ISO27001, SOC1, SOC2, SOC3, SOX, HITRUST and NIST. Documents findings where deviations exist through internal or external testing.
  • Develops internal control testing and documented processes.
  • Updates internal control matrices where necessary to support annual changing environments.
  • Ability to adapt and create processes as applicable, including changes in processes or reporting metrics.
  • Executes as the conduit between internal control owners and external auditors, including kickoff meetings, interview requests, closing meetings, and evidence gathering.
  • Facilitates and coordinates internal audits required by Internal Compliance teams, such as PCI Quarterly Process assessments and SOX Quarterly Elevated Access Reviews.

Supervision

  • Instruction on daily work and new assignments 

Experience/ Education

  • High school diploma or equivalent required. Bachelor’s degree in Computer Science/Computer Studies/Information Technology/Information Security or a related field is preferred. Experience may substitute for education at 1 year of experience for 1 year of education. Minimum of 2-5 years of practical information security experience in developing and maintaining secure architectures for large enterprises is preferred, including three years in a Rackspace-type environment. Security+, Network+, Project+, CISSP, Professional certifications preferred. Risk: CRISC, ISSEP, GCED, GCIA. Compliance: CISA.

About Rackspace Technology

We are the multicloud solutions experts. We combine our expertise with the world’s leading technologies — across applications, data and security — to deliver end-to-end solutions. We have a proven record of advising customers based on their business challenges, designing solutions that scale, building and managing those solutions, and optimizing returns into the future. Named a best place to work, year after year according to Fortune, Forbes and Glassdoor, we attract and develop world-class talent. Join us on our mission to embrace technology, empower customers and deliver the future.

More on Rackspace Technology

Though we’re all different, Rackers thrive through our connection to a central goal: to be a valued member of a winning team on an inspiring mission. We bring our whole selves to work every day. And we embrace the notion that unique perspectives fuel innovation and enable us to best serve our customers and communities around the globe. We welcome you to apply today and want you to know that we are committed to offering equal employment opportunity without regard to age, color, disability, gender reassignment or identity or expression, genetic information, marital or civil partner status, pregnancy or maternity status, military or veteran status, nationality, ethnic or national origin, race, religion or belief, sexual orientation, or any legally protected characteristic. If you have a disability or special need that requires accommodation, please let us know.

Job perks/benefits: Team events
Job region(s): North America