Summary/Objective

The Director of Governance, Risk and Compliance (GRC) will work with the VP of Security and IT to effectively manage and lead the GRC team in efforts to maintain security standards such as PCI-DSS compliance.  The Director of GRC will also manage the people, processes and technology of the Security Operations Center (SOC) in order to monitor for security events and provide incident response.  The GRC team provides periodic compliance services for both customers and the internal Acumera environment.

The ideal Director of GRC should possess a positive attitude, be someone who embraces change, excels as a leader, is organized, desires to automate, and has a solid background in IT security and compliance.

As an integral part of the Security and IT team, the desired candidate will have responsibility for the following:

Scheduled periodic work:

  1. Ensure success of day-to-day activities for all log analysis and incident response requirements

  2. Maintain accurate, up-to-date documentation and compliance artifacts for Acumera and customers

  3. Conduct routine firewall & security reviews, internal & external vulnerability scans and security audits of all infrastructure systems

  4. Maintain all systems in such a manner so as to achieve continuous compliance with the latest version of the Payment Card Industry Data Security Standard (PCI-DSS)

  5. Patch systems as vulnerabilities are identified

Unplanned/reactive work:

  1. Respond to and perform incident response for security alerts and anomalies that may be found during log analysis

  2. Ensure change management processes are followed for all systems

  3. Review new vulnerabilities, analyze the risk and suggest next steps

Project work:

  1. Lead efforts to stay PCI-DSS compliant as new versions of the PCI-DSS are released.

  2. Develop solutions to automate and improve the quality of the scheduled periodic work

  3. Provide feedback to the development teams of ways to improve the security tools of the platform

  4. Provide maintenance and updates for Acumera’s technology in the areas of:

    1. Compliance program management

    2. Security & vulnerability management

    3. Change management

    4. Logging environments

    5. Automated scheduled periodic maintenance

    6. Active Directory and Group Policy administration

Job Qualifications

  1. Demonstrated Linux, MS Windows and Apple Mac IT security experience

  2. Ability to function as a self-directed team leader organizing work and meeting deadlines

  3. Ability to identify effectiveness & efficiency improvement initiatives and work toward completing these goals

  4. High standards for consistency & quality within personal and team performance

  5. Ability to work flexible hours

  6. Ability and desire to obtain industry-relevant certifications required

  7. Familiarity with PCI compliance standards

Supervisory Responsibility

This position requires supervision of the GRC team, which includes hiring, performance reviews, mentorship and serving as the main point of contact/escalation.  This position is ultimately responsible for maintaining PCI-DSS compliance for both Acumera and managed PCI-DSS compliance customers.

Work Environment

This job operates in a professional office environment, with occasional work-from-home opportunities as approved by the manager. This role routinely uses standard office equipment such as employee workstation computers, phones, photocopiers, printers and filing cabinets.

Physical Demands

This is largely a sedentary role; however, some occasional physical labor may be required to move computing equipment and assist with office moves.

Position Type & Expected Hours of Work

This is a full-time position with a preference to work from Acumera’s Austin or Tallahassee office. Routine days and hours of work are Monday through Friday, 8am-5pm or 9am-6pm. Remote work or alternative schedules may be approved on a case-by-case basis. Hours may vary as required to maintain security and compliance with minimal customer disruption.

Travel

Travel opportunities may be available between Acumera offices and to customer sites.  Generally, travel will not be required.  Industry conference and training opportunities may require occasional travel.

Required Education and Experience

  1. Bachelor's degree or equivalent technical training required

  2. Five+ years of relevant industry experience

  3. Familiarity with PCI compliance standards

Preferred Education and Experience

  1. Experience with Splunk, Amazon Web Services, iptables, OpenVAS, syslog, Puppet and working in a DevOps/Agile/Lean environment preferred

  2. Amazon Web Services, Puppet, Squid Web Proxy, Google Apps, and working in a DevOps/Agile/Lean environment preferred

  3. PCI Security Standards Council certifications

  4. CISSP, CEH, CompTIA Network+, Security+ or similar are preferred

  5. Scripting experience with Python, Bash, Ruby and/or PowerShell is preferred

Additional Eligibility Qualifications

Experience with common compliance standards that have similar requirements (such as HIPAA, CIS Controls, etc.) will be considered.

Other Duties

Disclaimer: this job description is not designed to cover or contain a comprehensive listing of the activities, duties or responsibilities that are required of the employee.  Other duties, responsibilities and activities may change or be assigned at any time with or without notice.



This position has been filled. Would you like to see our other open positions?