Website Spirit Airlines
The Senior Manager IT Compliance will create, maintain, and recommend improvements to processes and procedures that ensure compliance with government and industry regulations and standards such as Sarbanes-Oxley (SOX), PCI DSS, CCPA and GDPR, and will audit these processes and procedures for compliance. The role also establishes processes and procedures for auditing the correct application of automated Identity and Access Management. Additionally, the Senior Manager will create, maintain, publish and communicate (through training and education sessions) the Spirit IT Risk registry, provide appropriate reporting on risk mitigation, and coordinate the approved actions necessary to mitigate IT risks.
- Assess business processes to ensure that they are SOX compliant.
- Effectively manage internal and external auditor requests.
- Ensure timely delivery of completed Sarbanes-Oxley required user access reviews, with respective remediation, to IT Security Management.
- Create a testing procedure for compliance with change management procedures.
- Achieve SOX/PCI compliance, with zero (0) material findings.
- Act as liaison between Auditors and Technical teams by coordinating requests for information and by coordinating responses to any observations.
- Assist in the creation and maintenance of a compliance, privacy and security training curriculum for the IT department and general employee groups.
- Create and evaluate testing measures that demonstrate understanding and application of the training material.
- Analyze access requests for potential data privacy issues, segregation-of-duties conflicts, and prepare relevant access forms.
- Maintain and suggest areas of improvement for IT Change Management.
- Work with external PCI-QSA to ensure that system designs are vetted for potential PCI compliance conflicts before these designs are implemented.
- Prepare for both Internal and External SOX audits by maintaining/updating the master inventory of SOX controls.
- Perform user access reviews and ensure respective remediation is performed in a timely manner. Perform the periodic compliance tests necessary to demonstrate compliance with applicable laws, regulations and standards such as SOX, PCI, CCPA, GDPR.
- Consult with project teams on PCI requirements as they relate to system changes, product reviews, contracts, and RFP responses.
- Schedule quarterly PCI scans and annual Internal and External Penetration Tests, and work with Technical teams to ensure that Medium and High-Risk Vulnerabilities are addressed.
Qualification & Experience:
- Exceptional written and verbal communication skills, with the ability to explain complex technical problems to a wide range of vendors and coworkers.
- Experience/Knowledge with network security concepts such as Firewalls, IPS, VPN, Advanced Threat Protection, and Proper Network Segmentation.
- Experience/Knowledge in the following areas: Active Directory, security concepts, eDiscovery, Encryption, Identity Management, Log Management, Risk Assessment, and security principles/best practices.
- Advanced degree preferred
- Bachelor’s degree in Computer Science, Information Systems or similar field
- Experience with Access Control, Privacy & Compliance requirements.
- Effective time management.
- Work with technology teams through the daily management of compliance tasks, including identity management, compliance management, vulnerability management, change management, reporting, and audit facilitation.
- Adept at testing and learning new technologies.
- Experience collaborating with auditors to demonstrate compliance with internal and external standards.
- Build strong working relationships within business units to aid in compliance and privacy adherence.
- Ability to use or develop appropriate reports.
Company: Spirit Airlines
Vacancy Type: Full Time
Job Location: Sarasota, FL, US
Application Deadline: N/A