Principal, SaaS Security and Compliance
CA Technologies provides IT management solutions that help customers manage and secure complex IT environments to support agile business services. Organizations of all sizes leverage CA Technologies software and SaaS solutions to accelerate innovation, transform infrastructure and secure data and identities, from the data center to the cloud.
This position will provide oversight and day-to-day management of security-focused services to ensure that information and infrastructure are protected through regular evaluation, validation, and reporting. The position will manage the Information Security Risk Framework, regularly review the effectiveness of security controls, develop programs to maintain a comprehensive understanding of the current and future security risks to the organization, and regularly report on these results to the VP of Governance, Risk and Compliance and appropriate governance bodies.
The Principal must possess strong analytical, communication, and management skills with knowledge of Information Security best practices and technologies.
CA Technologies is a Fortune 1000 company with a startup mentality – and we’re searching for incredible, bright talent to dominate in the marketplace. Sure, CA has been a leading software company for nearly four decades, with a global customer base that includes the majority of the Fortune 2000 – but what excites us today is the opportunity to redefine the future of our industry in the age of the cloud, mobile, social and big data. We have a daring vision and a powerful, expanding solution set that helps the world’s most successful companies realize their boldest objectives. For more information, visit www.CA.com/innovation.
- Assist in identifying emerging security risks and vulnerabilities affecting CA SaaS’s environment and developing/communicating appropriate mitigating controls.
- Develops, maintains, and delivers risk evaluation toolsets, processes, and procedures in support of Information Security best practices and Audit, Compliance, and Regulatory obligations.
- Participates in Compliance Monitoring for Security Controls, Policies, and Requirements.
- Establish and provide oversight for self-assessment and readiness programs for Information Security Risk evaluation tools, systems and processes.
- Deliver best practice risk evaluation toolsets for use within all aspects of the Information Security program
- Prepares and delivers monthly and quarterly reporting to senior leadership and executive management
- Leverage the GRC Application environment to support all aspects of this team and function
- Excellent written, oral and presentation skills and an ability to synthesize information and make clear, concise recommendations on course of action
- Proven track record of successfully managing information security risk programs within the payment industry and/or regulatory environment
- Ability to keep pace with demands of business by anticipating problems, proffering appropriate solutions and providing the leadership to effectively implement change
- Self-driven with strong leadership skills, with demonstrated excellence in leading diverse teams in a global environment.
- The ability to set the appropriate tone at the top, motivate staff, foster a positive culture of mutual respect and the highest ethical standards.
- Flexible and creative thinker with strong execution skills, and the ability to provide thought leadership and wield influence beyond areas of direct responsibility
- 5+ years of work experience in Information Security, Audit, Risk, and/or Compliance and Reporting activities, preferably for financial and/or technology companies.
- Must have 5+ years direct participation and experience across common industry security policy areas, including, but not limited to, ISO2700, FedRAMP, FISMA, NIST, COSO, COBIT, PCI, FFIEC, SOX, SSAE16, and others.
- Subject-matter expertise in information security areas (e.g., access management, data security, vulnerability management).
- Experience providing information security or information technology consulting services to a broad range of companies and/or federal and state agencies.
- Solid understanding of Enterprise Risk Management and Strategy frameworks, as well as an understanding of the current enterprise threat scenario as related to the financial industry.
- Superior analytical and problem solving skills.
- Demonstrated ability to manage implementations of large-scale, complex, multi-disciplined, cross-functional and highly visible projects/programs.
- Bachelor’s Degree in Business, Information Systems Management (or related field) or equivalent work experience in the Technology/Security space.
- Proven experience working with multiple individuals on internal and external delivery and communication initiatives.
- Ability to synthesize a variety of data points into comprehensive and effective reporting.
- Strong executive presence and communication skills – experience in Audit/Compliance/Regulatory discussions and proactive readiness activities with internal partners and external customers/clients.
- Experienced at presenting information to all levels, with ability to communicate and facilitate group discussions and debate across geographic, functional lines and levels.
- Delivers effective and strong documentation to support compliance and certification audits.
- Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines.
- Ability to prioritize deliverables and projects to meet timelines efficiently, to adapt to changes in priorities quickly.
- CISSP, CISA Certifications preferred
- Big 4 or Fortune 500 experience is a plus
Nice to Have:
- Practical experience managing multiple large-scale compliance/audit projects simultaneously, strong internal consulting, customer account management, and defining engagement scope, negotiating commitments, gathering requirements, defining deliverables, designing integrated solutions, and overseeing technical implementations considered a plus.
- Big Four consulting experience considered a plus (EY, PwC, KPMG and Deloitte)
- Proven experience proposing enterprise level solutions to mitigate risk
If you want to fulfill your potential, be acknowledged for your achievements, and be given autonomy to make decisions for your business and customers; if you want to work with a company that respects you as an individual – recognizing both your needs at work and your responsibilities outside of it – then CA Technologies is where you belong.
At CA Technologies your passion and expertise can directly impact the business and you’ll help offer our customers practical approaches to delivering new, innovative services and value through IT.
We offer competitive salary, company-sponsored premium Medical/Prescription & Dental Plans, company-paid Holidays, Vacation, Anniversary Service and Sick Days, 401(k) Plan, Education/Training Reimbursement, Charitable Gift Program, Adoption Assistance Program.
Learn more about CA Technologies and this opportunity now at http://ca.com/careers
We and all of our subsidiaries are equal opportunity employers. As such, it is our corporate policy to fill positions with qualified candidates regardless of the candidate’s race, color, sex, age, religion, ancestry, national origin, citizenship status, marital status, sexual orientation, gender identity, genetic information, disability, pregnancy, military status, veteran status or any other protected group status.
Note to Recruiters and Placement Agencies: We do not accept unsolicited agency resumes. Please do not forward unsolicited agency resumes to our website or to any of our employees. We will not pay fees to any third party agency or firm and will not be responsible for any agency fees associated with unsolicited resumes. Unsolicited resumes received will be considered our property and will be processed accordingly.
If you require an accommodation with the online application process, please contact Talent Acquisition at 1-800-454-3788.