DIRECTV is one of the world's leading providers of digital television entertainment services, delivering a premium video experience through state-of-the-art technology, unmatched programming, and industry-leading customer service to more than 32 million customers in the U.S. and Latin America.
The Compliance Assessor of IT Risk & Compliance Management performs Security Risk Assessments on DIRECTV’s 3rd party vendors.
An assessment would typically involve the following tasks:
• Communicating and interviewing vendors and internal business groups
• Obtaining and reviewing supporting documentation
• Performing on-site assessments (where necessary)
• Documenting vendor’s data security controls
• Summarizing the adequacy of security controls
• Outlining gaps & remediation steps
• Providing recommendations
• Capturing assessment results in centralized repository
Other responsibilities include:
• Assisting in the upkeep of governance, risk and compliance (GRC) software applications
• Interacting with team members and department/division personnel on other GRC related tasks
• Documenting data and process flows (e.g. data flow diagrams / swim-lane diagrams)
• Cataloging, tracking and reporting the status of other risk assessments and resolution actions
• Managing several GRC related tasks simultaneously without a great deal of direction or oversight
• Evaluating internal compliance with regulations such as PCI
• Proposing practical risk mitigations based on cost, benefit and risk
Qualifications:
• Should have a minimum of 1-2 years of experience working with IT compliance and/or security audits
• Should have experience with Governance, Risk & Compliance Programs
• Should have an understanding of the Payment Card Industry Data Security Standard (PCI DSS) and other compliance frameworks (e.g. ISO 27001)
• Should have experience related to vendor management audits and/or SAS70/SSAE16 type audits
• Should be able to effectively communicate complex topics with both technical and non-technical personnel
• Should have experience in reviewing Policies & Procedures and security controls
• Big 4 consulting experience is considered an advantage
Certifications (preferred, but not required):
• PCI Qualified Security Assessor (QSA) or Internal Security Assessor (ISA)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
This opportunity is a long-term contract.