Information Security Compliance Resume Sample
Work Experience
- Experience and Knowledge of Sarbanes-Oxley requirements and IT control frameworks such as CoBIT and NIST800-171/NIST800-53
- Demonstrated written and oral communication skills and ability to effectively manage communication (remotely or in person) with Peers, Managers, and Contractors and timelines across different geographies and cultures
- Reduce broad concepts and business strategies into structured requirements, oversee large vendor relationships, manage complex processes, and solve complex high impact process and support problems
- Good analytical, organizational, interpersonal, and collaboration skills
- A strong understanding of assurance related guidelines, standards and frameworks including but not limited to FISMA, ISO/IEC, COBIT, ITIL, NIST, HIPAA, SSAE 16 SOC1/2, PCI-DSS is required
- Excellent oral and written communication skills are required to document and relay information to individuals involved in systems support processes
- A high level of analytical, planning and organizational ability is required to project organization needs, manage large and complex projects, and manage information security activities as described
- Determine global vision for information security assets, policies and standards
- Develop and maintain continuous up-to-date information security policies, standards and guidelines. Oversee the approval and publication of these information security policies and procedures
- Identify and communicate security protection goals and objectives with suitable measurement KPIs to support the business security requirements
- Provide regular reporting on current status of information security program to senior leadership team
- Audit all aspects of information security and facilitate integration with revenue optimization, fraud, and merchant management teams to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy
- Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action
- Evaluate and provide recommendation for risk mitigation and insurance policies for cybersecurity
- Define and build partnerships with internal partners for providing investigation, incident response support and other services as identified
- Serve as an internal information security consultant to the CP&S stakeholders to assist / advise / educate on all aspects of information security and compliance
- Ensure effective levels of data asset protection are in place and monitored including data loss / data leakage and intrusion detection and prevention
- Establish governance and monitor compliance with the organization's security policies and procedures among employees, contractors and other third parties and take corrective action where necessary including roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets
- Create and manage a unified control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations
- Monitor advancements in information security
- Manage and Oversee systems implementation and new tools to be used in the organization. Guarantee Rockwell and Customer Data are protected and ensure compliance business wide
- Travel could be as high as 50% globally
- Manage the overall Information Security strategy for the company, thereby protecting the confidentiality, integrity, and availability of the company’s information assets and services
Education
Professional Skills
- Strong interpersonal skills to build and foster customer relationships
- Considerable process management, negotiating, influencing and problem resolution skills
- Superior analytical skills are needed to identify, analyze and prepare recommendations for improvements within the IT Compliance function
- Hands-on experience overseeing and implementing the ISO 27001 control framework across a large scale global IT environment
- Proven excellence in PPT presentations for reporting process metrics and delivering KPIs
- Demonstrated learning agility, especially as relates to business acumen and making risk-based decisions
- Handle fluctuating workloads, conflicting priorities and concurrent activities
How to write Information Security Compliance Resume
The information security compliance role is responsible for software, compliance, finance, training, integration, database, auditing, security, architecture, reporting.
To write a great resume for an information security compliance job, your resume must include:
- Your contact information
- Work experience
- Education
- Skill listing
Contact Information For Information Security Compliance Resume
The contact information section is important in your information security compliance resume. The recruiter has to be able to contact you ASAP if they would like to offer you the job. This is why you need to provide your:
- First and last name
- Telephone number
Work Experience in Your Information Security Compliance Resume
The work experience section is an essential part of your information security compliance resume. It’s the one thing the recruiter really cares about and pays the most attention to.
This section, however, is not just a list of your previous information security compliance responsibilities. It's meant to present you as a well-rounded candidate by showcasing your relevant accomplishments and should be tailored specifically to the particular information security compliance position you're applying to.
The work experience section should be a detailed summary of your latest 3 or 4 positions.
Representative Information Security Compliance resume experience can include:
- Ensure security of corporate data which is accessed by Barneys’ 3rd party service providers and regularly monitor service providers’ security posture
- Perform information security risk assessments and serve as an internal auditor for security issues, with overall responsibility of the company’s risk register and remediation efforts
- Solid understanding of information technology and information security including firewalls/UTMs, IDS/IPS, VPNs, penetration testing, security event monitoring, and other security systems with an emphasis on network and endpoint security
- Solid project management and communication skills with internal stakeholders and external/internal auditors
- Strong stakeholder management and organization skills
- Exceptional time management and work prioritization skills
Education on an Information Security Compliance Resume
Make sure to make education a priority on your information security compliance resume. If you’ve been working for a few years and have a few solid positions to show, put your education after your information security compliance experience. For example, if you have a Ph.D in Neuroscience and a Master's in the same sphere, just list your Ph.D. Besides the doctorate, Master’s degrees go next, followed by Bachelor’s and finally, Associate’s degree.
Additional details to include:
- School you graduated from
- Major/ minor
- Year of graduation
- Location of school
These are the four additional pieces of information you should mention when listing your education on your resume.
Professional Skills in Information Security Compliance Resume
When listing skills on your information security compliance resume, remember always to be honest about your level of ability. Include the Skills section after experience.
Present the most important skills in your resume. Here is a list of typical information security compliance skills:
- Exceptional writing skills. Able to work in a fast-paced, challenging environment independently
- Proven experience working in a global organization with diverse cultural considerations and time zones
- Proficient PC and software application skills, especially Excel, Access, PowerPoint
- Demonstrate a solid understanding of application architectures required
- Strong understanding of business outsourcing. Agile approach to working
- Experience in deploying compliance standards within a company, and supporting audit checks
List of Typical Experience For an Information Security Compliance Resume
Experience For Information Security Compliance Manager Resume
- Experience in processes for assessing and designing internal controls for large scale organizations
- In-depth experience of data security frameworks and regulatory standards including expertise in the EU DPD
- Experience with internal auditing and certification of technology platforms
- Performs DDoS testing for new customers and new DDoS features prior to network deployment
- Demonstrated ability to analyze, design, and implement technical security controls
- Work independently, self-drive productivity, and prioritize work efforts
Experience For Director, Information Security Compliance Resume
- Interchangeably operate and execute tactically and more strategically
- Experience in integrating PCI-DSS and SSAE18 requirements to business and technical environments
- Experience working in fast-paced, global business and technology environments
- Strong understanding of information security management or compliance frameworks (i.e. PCI-DSS, SSAE18, ISO27001, NIST)
- Experience with cloud-based applications and services
- Continually assess threats and coordinate an effective defense against them
Experience For Global Information Security Compliance Manager Resume
- Builds and maintains strong relationships with internal stakeholders, customer business contacts, and IT vendors
- Strong knowledge of current Information Security threats and trends
- Experience with a variety of Software Development Lifecycle methodologies
- Experience with risk assessments and mitigation
- Experience with IT Service Management and ITIL
Experience For Boomi Information Security & Compliance Manager Resume
- Strong knowledge of ISO 27001 processes
- Typically requires 12+ years’ experience in a combination of risk management, information security and IT roles
- Advising account management team on security/regulatory/compliance issues and providing expertise for decisions/risk mitigation
- Ensuring all personnel on the account adhere to both the customer's and security policies and processes
- Complete risk assessments and perform in-depth analysis of mitigating controls and financial risk, and documenting the risk
- Write engineering and training documents
- Plan and lead the InfoSec training program for both IT and the company at large
- Raises Information Security awareness across the organization through training, presentations, written articles
Experience For Senior Engineer Information Security Compliance & Analytics Resume
- Take up role as the audit focal and review artifacts for various audits, both external and internal audit. Managing the entire life cycle for audit
- Define the DDoS engineering team and train them
- Provide consulting services to the customers on their security needs and help new customers come on board
- Work on integrating DDoS product/architecture as a result of mergers
- Host weekly team meeting for management and peers
- Prepare work papers, standard reports and customized reports showing results of the assessment / audit assignments in accordance with defined standards
- Develop and deliver information security awareness, training and educational activities
- Provide supervision/mentoring for more junior teammates
- Ensures individuals have the tools, resources, and information they need
Experience For Head of Information Security & Compliance Resume
- Identify, research, and evaluate new compliance requirements and ensure they are incorporated into Facebook’s security compliance framework
- Bachelors in business or technology desirable
- Identifies opportunities and develops tactical and strategic solutions for enterprise service delivery to meet regulatory compliance requirements in a holistic manner
- Responds to compliance queries from third parties, clients, client reps, legal, advanced product specialists on behalf of the company
- Develop comprehensive cybersecurity metrics programs to identify, analyze, and solve problems, enhancing Verisign’s overall efficiency and security posture
- Manage the ISO 27001 for NTT Data’s Infrastructure and Cloud Computing (I&CC) organization
- Participate with the I&CC Service Tower leaders in the definition and implementation of information security policies, strategies, procedures and settings to ensure confidentiality, integrity and availability of I&CC Customers’ environment and data
- Identify, review and recommend information security improvements as they relate to the achievement of NTT Data’s business goals and objectives
Experience For Information Security Compliance & Risk Specialist Resume
- Identify information security weaknesses and/or gaps in the I&CC’s current operations and working with the service tower owners to bring information security operations up to standards
- Provide lead role in managing the company’s HIPAA Compliance Program, and annual assessments with external audit firm including HITRUST certifications
- Significant experience in applying HITRUST requirements to business and technical environments while providing a service oriented leadership approach to maintaining compliance
- Experience supporting security controls, compliance and audit activity within a service provider organization with multiple technologies and architectures; Windows, Unix/Linux, VMWare, Oracle, SQL, Citrix, Cisco, Juniper, IPS/IDS, DLP, APT, and other security devices
- Provide lead role in implementing and managing the company’s PCI-DSS program and annual assessments with external audit partner
- Support sales and customer-facing teams with security due diligence inquiries around the company’s compliance framework and security standards
- Basic understanding of enterprise, network, system/endpoint, application and data protection issues and security risks
Experience For Information Security Compliance Reviewer Resume
- Assist with and coordinate IT business continuity and disaster recovery planning
- Develop, publish, and enforce information security policies
- Interact with both internal and external audit team
- Ensure that information security systems comply with specific privacy policies established by the Chief Privacy Officer
- Conduct periodic audits of Corporate IT and other KEMET IT organizations
Experience For Information Security Compliance Principal Resume
- Certifications as an information security professional (e.g., CISSP, CISM, CISA, GCIH, etc.)
- Oversight and management of the Information Security Framework, Policies, Controls and Procedures
- Provides thought leadership and project management expertise to ensure alignment of the Information Security Framework with regulatory requirements and industry best practice frameworks
- Works with cross-functional teams, partners in assessing and/or re-engineering existing services. Identifies and implements improvements to high risk business processes to prevent compliance violations
- As required, provides guidance and support to others within the IT organization on any and all aspects of the Information Security Framework. Manages and/or supports IT related internal security audits and reviews and external assurance-related engagements such as SSAE 16 SOC, ISO/IEC27001, PCI-DSS
- Directs activities at multiple, geographically diverse sites by working directly with internal teams, external vendors and potential acquisitions in support of the Company’s Security program and broader Information Security initiatives
- Leads, implements, and manages Information Security Management System compliance using frameworks that include ISO 27001, GDPR, PCI-DSS, NIST, and other applicable legislation and best practices
- Innovates and introduces new practices, including technology recommendations, for Information Security based on industry best practice
- Conducts internal audits on internal enterprise technology platforms using industry best practices, applicable standards, and GTS-defined tools
Experience For Information Security Compliance Lead Resume
- Manages the Information Security risk management process and integrates results into the wider IT risk management model
- Provide guidance, governance, and assurance on Information Security related activities and events
- Drafts and implements Information Security policy throughout the enterprise
- Responds to requests on Information Security policy and process
- Leads regional management reviews of the global Information Security Management System
- Leads and supports the global implementation of ISO 27001
- Experience with Information Security compliance within a variety of business verticals. Security certifications including SANS GIAC, CISM, CISSP, CEH, CompTIA Security+ are highly desirable
- Strong understanding of on-premise and cloud-based networks
- Exceptional communicator to all levels of the organization
List of Typical Skills For an Information Security Compliance Resume
Skills For Information Security Compliance Manager Resume
- Proven experience in an information security role including experience of working to the ISO 27001 ISMS standard
- Good understanding of system technology security testing (vulnerability scanning and penetration testing)
- Excellent knowledge and understanding of information risk concepts and principles as a means of relating business needs to security protocols
- Experience working with PCI
- Strong understanding of the financial and performance implications of information security-related decisions
Skills For Director, Information Security Compliance Resume
- Have a good understanding of technical risk management
- Experience/understanding of security operational procedures and technology approaches desirable
- Experience of presenting to senior stakeholders
- Hands-on experience with PCI remediation and reporting for merchants and/or service providers
- Experience in security systems and process planning
- Experience with JAAS, LDAP, and securing J2EE and web applications required
- Excellent understanding of information security concepts, protocols, industry best practices and strategies
- Experience with information security, internal & external audits, contract compliance, and quality initiatives
Skills For Global Information Security Compliance Manager Resume
- Strong data privacy background
- Experience with various hypervisors such as those from VMware & Microsoft
- Application and database security experience
- Security policy, standards, governance, privacy or regulatory experience (e.g., NIST, ISO, HIPAA, PCI)
- Practical experience with regulatory, audit and compliance activities
- Experience in an information security role
- Experience with technology and security concepts is highly desirable
- Progressive experience in IT Security or related professional area
- Recent experience as a primary point of security accountability
Skills For Boomi Information Security & Compliance Manager Resume
- Leading in the Continent planning, testing, delivery, and support of key IT and Information Security initiatives
- Staying current with market and industry trends – networking with technology thought leaders
- Promoting the standard security practices, processes, outcomes and results to the organization, including to the enterprise's IT and business leaders
- Contributing to collect and report on IT risk rating on both a periodic and event-driven basis
- Understanding of the following technologies and how to best secure them
Skills For Senior Engineer Information Security Compliance & Analytics Resume
- Working knowledge of the Data Protection Act (1998) and the incoming General Data Protection Regulations (GDPR)
- Ensuring the development and implementation of processes and procedures to comply with IT policies by IT and business areas
- Helping business areas understand and comply with our information security policy and make informed risk management decisions
- Supporting web-based applications used across the Federal Reserve System
- Coordinating our local security liaison program
Skills For Head of Information Security & Compliance Resume
- Coordinating contingency and business continuity functions on behalf of the Minneapolis Information Technology department
- Working knowledge of industry security frameworks (e.g., ISO2700X, NIST, Cloud Security Alliance)
- Track status of ongoing questionnaires and RFPs. Communicate with internal business managers regarding status and negotiations
- Assist in the collection, tracking and reporting of contracts/questionnaires/RFPs and third party information
- Actively working toward information security certifications including but not limited to CISSP
- Support access request processing (particularly via ‘sanity checks’ on requests)
- Periodically evaluate BBVA’s network and system security requirements and recommend and develop the necessary modifications to policies, standards and procedures
Skills For Information Security Compliance & Risk Specialist Resume
- Working with all levels of leadership to executive levels within Corporate
- Alignment with Corporate initiatives and standards and at the same time making sure Continent environment considerations are factored in
- Responsible for Security/Compliance change management communications and training
- Responsible for security and compliance process improvement/reengineering
- Exercise sound judgment in determining when to initiate interdepartmental collaboration
- An understanding of the types of security risk, how to manage/mitigate them
- Broad range of exposure to all aspects of IT security audit planning, audit methodologies, risk management methodologies and contract review
- Monitor and assist in implementation of BBVA Head Office and regulatory agencies’ information security standards, policies, and procedures
Skills For Information Security Compliance Reviewer Resume
- Protect the Confidentiality of the Bank from unauthorized internal and external threats by conducting periodic reviews of BBVA’s critical applications and systems
- Conduct, with the assistance of external consultant, penetration tests to evaluate BBVA NY’s internet and intranet security
- As determined by Continent need and, where necessary, in consultation with relevant Corporate groups, participate as a domain leader on Continent, Global and corporate committees, task forces and working groups ensuring Continent interests are covered
- Represent the company/region in interaction with local data security authorities /regulators
- Governance of the property documentation for application configuration, operating standards, security standards that are applicable to the Continent for focus on Security, regulatory compliance and PII
- Manage the security review and implementation of Continent applications in line with defined corporate and Continent processes
- Responsible for Continent security and compliance procedures and policies creation
- Responsible for the execution of the security review process for applications and vendors
- Provide Information Security Officer with initial response to customer questionnaires and RFPs globally
Skills For Information Security Compliance Principal Resume
- Maintain repository of common responses to security questions from customers and potential customers
- Communicate and coordinate negotiations with internal customers
- Revise documents; participate in the evaluation of supplier proposals and the development of appropriate recommendations; interact with Legal team
- Determine and apply the appropriate security policy and standards for each business transaction
- Generate metrics in support of business support activities
- Through periodic QA, ensure that all responses and related documents are appropriately stored in the agreement repository
- Provide Information Security Officer with initial response to customer questionnaires and RFPs globally
Skills For Information Security Compliance Lead Resume
- Proficient in all aspects of information security such as firewalls, multifactor and advanced authentication systems, vulnerability scanning, malware detection and prevention, system hardening, encryption (at rest and in motion), PKI design and operation, SIEM systems implementation, auditing configuration, mobile device management, and reporting
- Proficient with standard software such as MS Word, Excel, Project and Visio
- Knowledge of relevant information technology management frameworks such as ISO/IEC 27001, ITIL, COBIT, and NIST
- Diverse security and IT background with knowledge in multiple areas including infrastructure, IT service management, networking, application development and information security-related standards and initiatives
- Evaluate risks to the company and articulate issues, develop consensus, raise awareness, and provide and implement solutions
- CISM or CISSP professional qualification desirable
- The knowledge and ability to create, manage and maintain continual service improvement programs and drive the adoption of these programs
List of Typical Responsibilities For an Information Security Compliance Resume
Responsibilities For Information Security Compliance Manager Resume
- Field experience in hotel IT or operations
- Experience with geographically distributed organizations
- Experience to include
- Perform supplier risk assessment planning & execution
- Knowledge in business alignment frameworks like Cobit 5
- Possess basic legal knowledge
Responsibilities For Director, Information Security Compliance Resume
- Manage administratively and lead technically the DDoS team
- Work with the Director to develop delivery metrics, product evolution and operational delivery roadmaps to enable delivery excellence
- Operational DDoS architecture for DDoS support operations
- Tune DDoS platform for faster detection, reduce false positives, and automate mitigations
- Work on multiple DDoS infrastructure – architecture projects
Responsibilities For Global Information Security Compliance Manager Resume
- Work with various levels of upper management from different teams to integrate DDoS protection to protect company’s internal assets
- Works with Engineers/Architects from other teams in projects
- Work with vendors on higher level issues such as software bugs, hardware issues, and upgrades
- Highest level escalation point and participate weekly on-call rotation
- Assists Product Development projects to introduce DDoS product and architecture changes into the production network
Responsibilities For Boomi Information Security & Compliance Manager Resume
- Strong work ethic; ability to occasionally work flexible hours. Excellent organizational skills with the ability to operate in an environment with minimal supervision. Excellent verbal and written communication skill
- CISSP-ISSMP, CISM, CISA or similar industry certifications
- Demonstrate knowledge of a broad range of risk assessment / management concepts to include: Risk Assessment / Auditing Methodologies and Approaches to Information Security Policies, Standards and Procedures; PCI Standards; ISO 2700x Standards; Legal, Regulatory, Compliance mandates
- Demonstrate knowledge of a broad range of technology / security concepts to include: Security Architecture and Design, Application Security, Network Security, Cryptography
- Evaluate the security, reliability, and integrity of a wide variety of information systems and suppliers
- Assist Sales team with Client information security requests
- Plan, schedule and complete security assessment engagements in accordance with a defined assessment methodology
- Conduct supplier / vendor onsite assessments
Responsibilities For Senior Engineer Information Security Compliance & Analytics Resume
- Produce assessment reports that document assessment findings as well as risks and recommendations
- Knowledge in areas of IT/Security relevant to the role such as security products and technologies
- Desirable knowledge in Risk Assessment, PCI, ISO 27001
- Direct staff management (3 years)
Responsibilities For Head of Information Security & Compliance Resume
- Expert level knowledge in various industry standards and best practices such as PCI, ISO/IEC 27001, SOC I & II Certifications
- Proven track record in managing and implementing information security governance, risk and compliance programs using industry leading solutions such as RSA Archer
- Work autonomously or as part of a team, within targets and deadlines
- Security industry relevant certifications such as CISA, ISA, CISM, CISSP, CRISC, HISP, etc
- Current information security certification, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), PCI QSA/ISA/PCI-P or similar
- Knowledge of China Data protection regulations and law
- Experience in application architecture, technical leadership, solution design, software lifecycle project management and planning, commercial software development and deployment
Responsibilities For Information Security Compliance & Risk Specialist Resume
- Managing via a matrixed organization and impacting decision making with information and collaboration working with all levels of the organization from developers to E-Team members making business oriented decisions, particularly focused on risk
- Certification - CISSP Required, ISSAP designation desired, potentially CCSP
- Support the VP of Information Security in the development and supervision of the Risk Management and Policy Development aspects of the Information Security function
- Design and develop a Governance Library suitable for deposition, maintenance, and promulgation of security-relevant policies and technical standards
- Ensure that controls, when implemented, yield appropriate evidentiary deliverables, and that these materials are gathered, protected, and maintained appropriately
- Develops, maintains and publishes up-to-date information security policies, standards and controls
Responsibilities For Information Security Compliance Reviewer Resume
- Drives the automation and implementation of information security controls for design, development, and implementation
- Drives and facilitates information security governance Compliance
- Develops, socializes and enforces technology Information security policies, standards and controls necessary to maintain compliance with industry regulations and best practices
- Maintains current knowledge of applicable regulatory and compliance issues related to Information Security
- Provides subject matter expertise on a broad range of information security standards and best practices, such as NIST, PCI, ISO 27001 and others as applicable
Responsibilities For Information Security Compliance Principal Resume
- Audit assessment qualifications
- Manage risk remediation plans
- High level knowledge of IT Networks, systems and platforms
- Coordinates the efforts of other IT and business units to ensure compliance with federal and industry regulations and requirements as required. Acts as a key contact with internal audit to ensure compliance with internal corporate compliance programs and external regulations and requirements as necessary. Provides support and guidance on system auditing and system testing
- Participating in the creation and evolution of Premier’s Security Policies and Standards and the dissemination education of the same through active engagement in key development initiatives on a consulting basis. Design and disseminate a robust Security Awareness Program throughout the company both for the average user and the technical development staff
- Understanding, advocating, and supporting the enterprise's compliance and regulatory requirements and appropriate risk posture in our highly regulated business. The integration of risk appetite, business direction, and monitoring of compliance in all necessary venues to drive the business to acceptable risk levels maximizing investment through efficient mitigation processes