Information Security Risk & Compliance Specialist, PCI Program

IDEXX, Westbrook, ME
$100,000 - $120,000, Hybrid

About The Position

IDEXX’s IT Risk & Compliance Group is dedicated to safeguarding the organization against various IT risks and ensuring compliance with industry standards and regulations. Key responsibilities of this team include conducting cyber risk training and assessments, managing third-party risk, overseeing SOX compliance, and ensuring privacy compliance across global operations. The team also spearheads the development of governance policies and provides comprehensive risk management consultancy services. Led by an experienced manager, the group consists of 6 seasoned professionals with extensive expertise in risk management, compliance, and security. Despite its size, the team adeptly manages the diverse and complex aspects of IT risk and compliance within IDEXX.

As a Senior IT Risk & Compliance Specialist for our PCI program, you will be a functional IT Security Lead, influencing business managers and leading positive changes that ensure the organization’s operations are conducted in a manner consistent with ethical business practices, organization policies, and legal requirements.

Location: being located near our HQ in Maine is required, where you would need to be on-site a minimum of 8 days per month. If you are not local, you would need to be willing to relocate.

In this role....

Requirements

  • 5 to 7 years of experience with GRC (Governance, Risk & Compliance), Controls, Risk Assessment, Project Management, or Internal Audit.
  • Experience in PCI is required for this role.
  • You have one of these certifications: CISA, CISM, CISSP, CRISC, CRMA, or are certification eligible.
  • You know how to develop and implement controls and processes through frameworks like NIST, ISO, CIS, COSO, COBIT, etc.
  • You think strategically and focus on achieving goals together with your team.
  • You communicate successfully in person and in writing and develop strong relationships with all levels in the organization.

Responsibilities

  • Maintain and update all relevant PCI documentation, including scoping documents, policies, procedures, etc.
  • Monitor compliance with the PCI governance program.
  • Facilitate PCI audit(s), acting as the main point of contact for the QSA.
  • Communicate progress, results, etc.
  • Conduct system risk and gap assessments.
  • Contribute to the development and review of security policies and procedures.
  • Provide risk management consulting services to various teams within the organization, aiding in prioritizing issues for resolution.
  • Support monitoring against internal standards within the program, acting as the second line of defense before internal audits.
  • Juggle multiple roles within the team, including risk identification, quantification, and consulting.
  • Facilitate risk assessments at the operational level, acting as a bridge between tactical and enterprise risks within the organization.

Benefits

  • Base annual salary target: $100,000 - $120,000 (yes, we do have flexibility if needed)
  • Opportunity for annual cash bonus
  • Health / Dental / Vision Benefits Day-One
  • 5% matching 401k
  • Additional benefits including but not limited to financial support, pet insurance, mental health resources, volunteer paid days off, employee stock program, foundation donation matching, and much more!