The Hertz Corporation Manager, IT Compliance & Controls, PCI in Oklahoma City, Oklahoma

General Responsibilities

Job Purpose

The Compliance & Controls Manager for Hertz is responsible for ongoing collection of deliverables required for annual Payment Card Industry (PCI) Compliance assessments and for compliance assessments of additional security frameworks, such as, but not limited to, Sarbanes-Oxley Section 404 and ISO27000 standards. The position contributes to security research and development, product evaluations, consulting, project support, and any other operational tasks needed to support the overall requirements of the program and strategy. The Compliance & Controls Manager conducts regular risk assessments on IT operational processes, procedures and policies, analyzes findings, and prepares and presents risk assessment reports.

Key Result Areas

  • Act as main point of contact for the receipt of compliance deliverables.

  • Manages the compliance program and ensures all required controls are performed in a timely manner by the respective control owners in an auditable fashion.

  • Serves as a primary contact and liaison for external auditors and QSAs.

  • Provide subject matter expertise on Information Security policies, PCI, SOX, EU GDPR and security best practices.

  • Monitors for changes to PCI requirements, industry developments, and security framework and regulation changes, and guides organization accordingly to sustain continuous compliance.

  • Identifies and analyzes changes to business processes and infrastructure for impact on company’s compliance with PCI and other requirements, and provides guidance and recommendations for maintaining secure and compliant environment.

  • Conducts risk assessments, security and compliance assessments on IT operational processes, procedures, and policies; interprets audit results and makes conclusions on the adequacy and reliability of controls; prepares and presents reports as necessary.

  • Develops, implements, and maintains IT Compliance controls; reviews existing IT compliance controls for regulatory updates and performs the necessary gap analysis.

  • Assist in the design of security controls, policies, and procedures.

  • Assist in the implementation of enterprise security controls.

  • Provides guidance and subject matter expertise to IT and business teams on processes, controls and objectives around audit and information security activities, best practices and process improvement, and manages assessment reporting and remediation activities.

  • Supports daily operational security activities such as responses to client inquiries regarding the information security program as required.

  • Works with IT and business Management to create clear, actionable plans detailing specific deliverables, timelines and accountability to resolve information security issues.

  • Automate and streamline processes.

  • Develop and document security compliance processes and procedures.

  • Develop and document risk assessment processes and procedures.

  • Contribute to all security risk and compliance metrics for various and regular presentations and other reporting requirements.

  • Contribute to projects internal to Hertz as needed.

  • Assist with general administrative activities in collaboration with all team members.

  • Prepare project plans and associated documentation.

  • Prepare status reports and other management metrics as needed.

  • Act as the liaison with other departments within Hertz.

  • Other duties as assigned.

Mandatory Requirements

Educational Background:

  • Bachelor’s Degree in Computer Science, Information Technology, Security or equivalent combination of education and experience required.

Professional Experience:

  • 7+ years of experience working within Information Security programs focused on compliance with policies, procedures, and industry regulations.

  • One or more of the following security certifications is desired (CISSP, CRISC, CISM, CISA, PCI QSA, or PCI ISA).

Knowledge:

  • Project management

  • Understanding of information systems and security infrastructure

  • Working knowledge of security framework models such as ISO 27000 series, COBIT, etc.

Skills:

  • Excellent interpersonal skills, including teamwork, facilitation and negotiation

  • Excellent written and verbal communication and presentation skills with the ability to explain complex concepts

  • Strong leadership skills

  • Excellent analytical, planning and organizational skills

  • Highly self-motivated and directed with an attention to detail

  • Highly effective at building relationships and fostering a collaborative environment

  • Ability to work independently in a multi-task environment.

  • Proficient with MS Office Tools

  • Ability and willingness to adapt and learn new skills quickly.

  • Possess a flexible, proactive, can-do attitude.

  • Ability to take initiative and exercise judgment

Preferred Requirements

Hertz is a Drug-Free Workplace. All offers are contingent on successful completion of drug and background screening.

EEO/AA: Females/Minorities/Disabled/Vets

Job ID 150086

# Positions 1

Category Information Technology

Division WHQ - Estero - Only

Position Type Regular Full Time