IBM Information Security & Privacy Compliance Specialist in AUSTIN, Texas
The shift toward the consumption of IT as a service, i.e., the cloud, is one of the most important changes to happen to our industry in decades. At IBM, we are driven to shift our technology to an as-a-service model and to help our clients transform themselves to take full advantage of the cloud. With industry leadership in analytics, security, commerce, and cognitive computing and with unmatched hardware and software design and industrial research capabilities, no other company is as well positioned to address the full opportunity of cloud computing. We are looking for an Information Security & Privacy Compliance Specialist in Austin, TX to join our Cloud Innovation Lab team, who innovates & shares our passion for winning in the cloud marketplace. The Cloud Innovation Lab is a team dedicated to ensuring that IBM Cloud is at the forefront of cloud technology, from data center design to network architecture to storage and compute clusters to flexible infrastructure services. We are building IBM's next generation cloud IaaS platform to deliver performance and predictability for our customers' most demanding workloads, at global scale and with efficiency, resiliency, and security. As an Information Security & Privacy Compliance Specialist, your primary duty is to ensure that the Genesis organization achieves a sufficient level of compliance with relevant information security and privacy-related obligations imposed by laws, regulations, standards, contracts, policies etc. This involves proactively identifying and assessing the obligations, developing suitable responses and, in conjunction with various other parties, adopting suitable controls, policies, procedures, compliance metrics, awareness/training, monitoring and enforcement activities. You will also acts as a professional advisor on information security and privacy compliance matters; liaises closely with other governance, risk management, information security, privacy and compliance experts, assists with the drafting, review and implementation of the Genesis ISMS compliance elements of information security and privacy policies; prepares reports concerning compliance failures, breaches or incidents; owns the information security and privacy parts of the compliance database; and has a leadership/advisory role in the identification, management and eventual resolution of exceptions and exemptions. Responsibilities:
Oversee all ongoing activities related to the development, implementation, maintenance of, and adherence to IBM Genesis Cloud policies and procedures covering the privacy and security of, and access to, protected information as well as other protected personally identifiable information, financial information, and other proprietary information in compliance with applicable state and federal laws and regulations.
Familiar with risk analysis processes and risk management related to privacy and security.
Oversees, administers, prepares and conducts appropriate privacy, security, and related education and training for appropriate personnel.
Reviews, proposes, and revises compliance policies and procedures.
Perform compliance reviews of vendors, partners and clients.
Work with a variety of cross-functional teams to ensure compliance with laws, regulations and policies. These include, but are not limited to, Product and Development teams, Human Resources, Legal, Information Security and operation security teams.
At least 5 years’ work experience in the area of Information Security Risk Management
At least 5 years’ work experience in the area of Compliance and Enforcement
Working knowledge or experience with conducting, participating in or supporting NIST 800-53 r4 assessments, PCI assessments, HIPAA assessments or ISO 27001 assessments
Experience with moderate impact system
Must have a demonstrated understanding of IT security principles, concepts, policy and regulations.
Demonstrated ability to effectively document security controls.