1+ months
2018-03-08 2018-04-29

Senior Compliance Specialist

Siemens
Charlotte, NC
**Senior Compliance Specialist**







Locations: Charlotte, North Carolina











Job Family: Research & Development






































**Job Description**















**Division:** Digital Factory



**Business Unit:** Product Lifecycle Management-PLM



**Requisition Number:** 222806



**Primary Location:** United States-North Carolina-Charlotte



**Assignment Category:** Full-time regular



**Experience Level:** Mid level



**Education Required Level:** Bachelor's Degree



**Travel Required:** 10%







**Division Description:**







New Division verbiage needed







**Job Description:**







**Siemens US Talent Acquisition**







The senior compliance officer (CO) will work with internal teams & external auditors to identify gaps in existing security controls while ensuring alignment to industry standards. Previous experience with assessment and authorization (A&A) or certification and accreditation (C&A) processes for a large enterprise will be extremely helpful in this role; however, the ideal candidate will demonstrate understanding of security framework commonalities with a deep understanding of tailoring the security controls. The CO will work internally with teams to develop documentation while embedding compliance requirements into the end-to-end processes. The senior CO will exhibit leadership and show value as a business enabler for the teams who helps shepherd and embed compliance into the Siemens PL cloud systems.











In this role, you will build partnerships with the Information Technology and Operations teams to successfully achieve higher level GRC (Governance, Risk management & Compliance) related goals and objectives while maintaining industry compliance activities. This is a hands-on role where the Compliance Officer must work with a combination of management, technical, and non-technical staff. The role requires regular interaction with the Chief Security Officer (CSO) & cloud services teams across an enterprise structure, so previous experience within a security department where you performed audits, risk scoring, security controls assessments, or security compliance activities is a must.











A successful candidate will be a self-starter, have a solid understanding of security policies and processes, excellent project management skills, and a demonstrated ability to run multiple, large initiatives simultaneously, and be a superb manager who will achieve results while maintaining a high velocity of activity across the security program. The ideal candidate will be experienced with agile development methodologies and able to drive agile processes throughout the security teams.























RESPONSIBILITIES:



* Drive and support the information security compliance related activities within the group
* Work with the in-country compliance officer to ensure the regulations, policies, procedures and controls are followed per the in-country laws for the cloud service offerings.
* Responsible for defining and mapping compliance controls
* Serve as a compliance subject matter expert on FedRAMP, ISO 9001, SOX, & PCI
* Support modernization activities including the move to cloud-based services
* Achieve a robust security compliance program
* Demonstrated ability to work with multiple security compliance frameworks
* Define & develop model to best implement controls across teams in a cloud native environment
* Provides subject matter expertise in security compliance activities and requirements
* Develops security compliance reports while performing tracking activities
* Interprets compliance deficiencies and enables teams to incorporate the full spectrum of security compliance requirements into their build efforts
* Performs documentation updates and develops security compliance artifacts
* Translates security framework requirements into actionable, tailored, and appropriate compliance requirements for the team
* Communicates statuses and shepherds compliance activities throughout the team
* Supports the security officer as an advocate of information security, GRC, and privacy programs across the team
- Presents ongoing status and compliance tracking of Siemens information security compliance program to the in-country compliance officer, management & Chief Security Office (CSO)











- Provides expert-level analysis of compliance requirements to ensure that Siemens industry certification programs are continuously improved
- Collaborates closely with other departments to ensure that the information security compliance requirements are met.
- Maintains compliance documentation to support ISO 27001, SOC and similar compliance requirements
- Supports automated compliance tools and capabilities
- Report and escalate security weaknesses and issues to management as needed
- Manages relationships with the IT, Information Security, and other stakeholders
- Lead organization's security compliance management programs
- Drives compliance efforts and provides security compliance leadership
- Manages the full spectrum of compliance projects such as: FedRAMP, ISO 9001, SOC, and others
- Acts as an advocate of information security, GRC, and privacy programs across the organization.
- Maintains IT security compliance programs in accordance with industry standards and requirements
- Prepares reports and performance metrics for IT security compliance to senior management
- Provides expert-level analysis of compliance activities including alternatives analysis, security design reviews, and implementation plans
- Collaborate closely with other departments to ensure that the information security compliance and risk management requirements are met.
- Ensures that Siemens maintains compliance to industry security standards
- Provides project management support to ISGRC and other business units as appropriate in responding to audits and other information requests, and assists or coordinates the development and oversight of functional area self-assessments.
- Ensures that all compliance projects are delivered on-time, within scope, and within budget.
- Coordinates internal resources and third parties or vendors for the execution of projects
- Report and escalate project issues to management as needed
- Manages the relationships with the IT, Information Security, and other stakeholders
- Supports in risk management activities to minimize business or project risks
- Develops detailed compliance project plans to track compliance statuses
- Other duties as assigned.











* Define & build the compliance and risk management function within the Siemens PL cloud services
* Manage, oversee, and guide information security policy projects and tasks
* Lead compliance awareness and training initiatives











* Support compliance officer in achieving industry certifications (e.g. ISO 9001, SOC, FedRAMP, etc.)
* Lead organization's security policy efforts and policy related activities for risk management
* Contribute security best practices to Operations strategy planning, design, implementation, and maintenance activities.
* Ensure the production environment is operating in accordance with established security procedures and best practices.
* Manages senior policy consultants or other policy analysts where applicable.
* Manages and aligns security policies to industry standards
* Acts as an advocate of information security, GRC, and privacy programs across the organization.
* Maintains security policy program in accordance with industry standards and requirements.
* Prepares reports and performance metrics on security policy for senior management.
* Provides expert-level analysis of policy activities including: policy impacts on IT systems; procedural integration and alignment to policy; alternatives analysis; and policy rollout or implementation plans.
* Writes, edits, and maintains information security policies, procedures, standards, and guidelines.
* Develops, manages, and maintains enterprise-wide phishing campaigns to test security awareness and training.
* Develops, manages, and maintains enterprise-wide security awareness and training programs.
* Performs contract reviews of data security addendums, vendor responses, and works to ensure alignment to Siemens PL policies.
* Collaborate closely with other departments to ensure that the information security policy, compliance, and risk management requirements are met.
* Ensures that Siemens PL Cloud Services maintain compliance to generally accepted security practices which are reinforced through sound security policy.
* Provides project management support to GRC and other business units as appropriate in responding to audits and other information requests, and assists or coordinates the responses to policy inquiries.
* Ensures that all policy projects are delivered on-time, within scope, and within budget.
* Coordinates internal resources and third parties or vendors for the execution of security projects
* Report and escalate security project issues to management as needed
* Manages the relationships with the IT, Information Security, and other stakeholders
* Supports in GRC activities to minimize business or project risks
* Develops detailed project plans to track statuses
* Other duties as assigned.























REQUIREMENTS:



* Bachelor's degree in Business, Management, Computer Sciences, or equivalent prior work experience in a related field
* Senior level compliance experience, including control mapping, support, mentorship/training, and oversight in an enterprise setting
* 5+ years of experience with mapping compliance controls to process
* Strong audit background and experience
* Ability to operate in a fast-paced environment with multiple deliverables
* Familiarity with agile & waterfall SDLCs
* Deep understanding of information security risk management frameworks such as ISO 27001, NIST, NIST 800-190, etc.
- Deep understanding of, & experience with the execution of, Privileged Access Management (PAM)











- Compliance experience 10 yrs
- Collaborate with BUs to ensure that all related controls and measures are implemented, managed, controlled and reported.
- Cloud centric experience (2-5 yrs)
- Responsible for coordinating the investigation and resolution of incidents at the affected units and relevant partners.
- Works w/ BUs to suggest & translate the required & best practice security for architected services
- Automation framework experience
- Nice to have (coding background)
- Knowledgeable in SDLC & coding standards











* Demonstrated competency in information security management for a cross-functional environment and with the proven ability to lead security and technical teams is required
* Experience in creating and maintaining compliance management schedules to ensure on-time delivery of information security compliance projects
* Current Information Security Certification (e.g. CISSP, CISM, CISA, or related security certification) preferred or the ability to attain one within 6 months of hire
* Excellent client-facing and internal communication skills
* Excellent written skills and a demonstrated ability to express technical requirements in words through technical documentation are a must
* Strong understanding of security products and concepts such as firewalls, VPNs, IDS and other security devices.
* 7+ years of IT experience (5+ years with Master's degree)
* 5+ years experience with open source tools (Linux, Python, Git, Ansible)
* 4+ years experience developing, tailoring, updating, and managing security policy lifecycles
* 3+ years of cloud native application security experience
* 3+ years experience system automation with enterprise level requirements, distributed environments
* 2+ years experience with networking and network/system security, including firewalls, VPN, routing, switching, load balancers, monitoring, security and DNS
* Ability to manage goals, track milestones and report on status
* Act as a technical resource for a variety of information security projects that arise from current business and technological developments























OTHER REQUIREMENTS:



* Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack pathologies.
* Ability to work effectively in both an independent and team environment.
* Experience in leading or managing strategic thinking and planning sessions.
* Must have the ability to communicate technical and compliance-related concepts to a broad range of technical and non-technical staff,



















**Equal Employment Opportunity Statement**



Siemens is an Equal Opportunity and Affirmative Action Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to their race, color, creed, religion, national origin, citizenship status, ancestry, sex, age, physical or mental disability, marital status, family responsibilities, pregnancy, genetic information, sexual orientation, gender expression, gender identity, transgender, sex stereotyping, protected veteran or military status, and other categories protected by federal, state or local law.











**EEO is the Law**



Applicants and employees are protected under Federal law from discrimination. To learn more, see https://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm.











**Pay Transparency Non-Discrimination Provision**



Siemens follows Executive Order 11246, including the Pay Transparency Nondiscrimination Provision. To learn more, see https://www.dol.gov/ofccp/pdf/pay-transp_formattedESQA508c.pdf.
