Cyber Compliance Director- Payment Card Security

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You'll find an environment that inspires and empowers you to thrive both personally and professionally. There's no one like you and that's why there's nowhere like RSM.

CyberCompliance Director (Payment Card Security and Technology/Media/Entertainment)

In order to address the most critical needs of our clients, RSM US LLP has established the Security and Privacy Risk Consulting (SPRC) group, comprised of dedicated cybersecurity professionals dedicated exclusively to serving the cyber security and information protection needs of our clients. This group includes experienced consultants located throughout the country dedicated to helping clients with preventing, detecting, and responding to security threats that may affect their critical systems and achieving regulatory compliance related to the handling, processing and protection of sensitive information. We serve a diverse client base within a variety of industries, and we are relied upon to provide expertise within areas of information security risk management, security testing, enterprise architecture, governance, regulatory privacy compliance, and digital forensics.

We are looking to hire a Director for our Security and Privacy Risk practice, specifically to build and enable the growth of our cybersecurity compliance services across the Technology, Media and Entertainment industry focused on cybersecurity frameworks and related data protection requirements (e.g., payment card security) .The Director of CyberCompliance will be responsible for enabling the broad growth of cybersecurity service offerings, while understanding industry specific cybersecurity risks, payment card security requirements, through assisting organizations with establishing an effective data protection program designed to safeguard critical assets, including but not limited to the cardholder data environment. This team will focus on assessing, designing and implementing cybersecurity risk management practices including network segmentation, vulnerability program management, data classification, encryption, de-identification, and sensitive data monitoring solutions to enable cyber regulatory alignment for data rich organizations.

Responsibilities

Continue building our payment card industry practice through expansion of team size and skill sets
Provide oversight and training to managers and staff during the delivery of payment card industry and other cybersecurity services to ensure quality delivery while allowing staff to learn and grow
Use proven business development skills to acquire additional clients and expand relationships with existing clients
Identify business opportunities and enhance go-to-market strategies targeting consumer product and service organizations needing payment card industry compliance services
Be able to communicate to clients regarding the strategic and tactical risks of account data protection, regulatory compliance, breach response, etc.
Assess payment card compliance maturity and help clients in building and implementing sustainable PCI compliance program
Support organizations through assessing, developing and implementing information governance frameworks.
Support clients in designing and supporting their payment card industry and cyber compliance programs including operation processes, technology and guidelines
Communicate complex technical issues to client senior management through the ability to transform and summarize such data into layman and executive style reports and presentations
Ensure revenue goals are being met and client service offerings are responsive to the changing needs in the business environment
Required Qualifications

Active or former PCI QSA certification, with experience preparing Level 1 and Level 2 PCI DSS Reports on Compliance (ROCs) or 3+ years PCI DSS experience with one or more of the certifications below
Experience with or basic working knowledge of at least some typical cybersecurity program components and common supporting workflows, including but not limited to:

Regulatory monitoring
Business requirements definition
Data inventory and information flow mapping
Cybersecurity risk management
Third party vendor management
Interactions with consumers / individuals (data subject requests)
Incident management and breach notifications

Bachelor's degree in an information technology, business, or related discipline from an accredited college/university
7+ years of related work experience in cyber compliance consulting or equivalent academic experience with a commensurate advanced degree
Certifications related to cybersecurity and audit such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)
Willingness to travel up to 30%, including international destinations requiring a passport, on short notice and for potentially extended periods of time
Technical knowledge and ability to speak to common topics in one or more of the following: network and IT infrastructure, common application and database design, IT governance and risk management, third party management, incident response, knowledge of typical network and IT security components
Working knowledge of key cybersecurity compliance standards and regulations, including but not limited to PCI, NIST CSF, GLBA, etc
Proven people skills demonstrated thorough knowledge and/or a proven track record of success with operating in a professional services firm, large consultancy or similar setting
Proven ability to effectively collaborate, especially with cross-functional teams
Preferred Qualifications

Demonstrated record of working with diverse organizational stakeholders, including management, business, marketing, HR, IT, Legal and others
Advanced degree with a focus on data protection, privacy, or a related field
Excellent written, oral, presentation skills, innovative thinker
A proven record of success working seamlessly in a virtual environment to complete projects with team members based in various locations, domestically and globally
Demonstrates creative thinking, individual initiative, and flexibility in prioritizing and completing tasks, particularly in face of a rapidly changing technology, regulatory, and cultural landscape and shifting client priorities
Keeps up to date with the Security and Privacy Industry - following the industry's advancements, challenges, and discovery

At RSM, we offer a competitive benefits and compensation package for all our people. We support and inspire you to prioritize your wellbeing by delivering personalized, holistic programming for your physical, emotional, financial and community wellbeing. RSM has a generous time off policy with at least 14 paid holidays, wellbeing days and associate and above access to self-managed time off. We offer flexibility in your schedule, empowering you to balance life's demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/working-at-rsm/benefits.

RSM is proud to be an Affirmative Action and Equal Employment Opportunity employer. We are proud to provide our employees with tools to assist them in being successful in achieving both personal and professional goals. We welcome and support all our employees to thrive in an environment free of discrimination and harassment. As an Affirmative Action and Equal Opportunity Employer all applicants will receive consideration for employment as RSM does not tolerate discrimination and/or harassment based on race; color; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the US uniformed service; pre-disposing genetic characteristics or any other characteristic protected under applicable federal, state or local law.

Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please call us at [redacted] or send us an email at [redacted].

RSM does not intend to hire entry level candidates who will require sponsorship now OR in the future (i.e. F-1 visa holders). If you are a recent U.S. college / university graduate possessing 1-2 years of progressive and relevant work experience in a same or similar role to the one for which you are applying, excluding internships, you may be eligible for hire as an experienced associate.

Compensation Range: $137,200 - $276,100

Individuals selected for this role will be eligible for a discretionary bonus based on firm and individual performance.
#J-18808-Ljbffr