Director - Cybersecurity Audit and Compliance
- Austin, TX, USA
As the world’s leader in digital payments technology, Visa’s mission is to connect the world through the most creative, reliable and secure payment network - enabling individuals, businesses, and economies to thrive. Our advanced global processing network, VisaNet, provides secure and reliable payments around the world, and is capable of handling more than 65,000 transaction messages a second. The company’s dedication to innovation drives the rapid growth of connected commerce on any device, and fuels the dream of a cashless future for everyone, everywhere. As the world moves from analog to digital, Visa is applying our brand, products, people, network and scale to reshape the future of commerce.
At Visa, your individuality fits right in. Working here gives you an opportunity to impact the world, invest in your career growth, and be part of an inclusive and diverse workplace. We are a global team of disruptors, trailblazers, innovators and risk-takers who are helping drive economic growth in even the most remote parts of the world, creatively moving the industry forward, and doing meaningful work that brings financial literacy and digital commerce to millions of unbanked and underserved consumers.
You’re an Individual. We’re the team for you. Together, let’s transform the way the world pays.
This hands-on leadership position will serve as part of Visa's Cybersecurity Audit and Compliance (A&C) function within the Cybersecurity Governance Risk and Compliance (GRC) team, reporting to Sr. Director, providing oversight, coordination, and delivering the activities that support successful internal audits, external audits and compliance, regulatory activities, and external customer/client requests.
This role will assist with validating the ongoing effectiveness of Cybersecurity controls across Visa (both automated and manual), working with technology/business control owners across the Visa organization, evaluating control design and standards in a variety of programs areas with focus and expertise in PCI standards ( DSS, PIN, P2PE).
In addition, this role will support the Cybersecurity Policy and Awareness Program helping drive policy strategy, cyber-awareness content development, and maintain active engagement with senior SME, risk, and business stakeholders across the enterprise to advance program initiatives.
The successful candidate will be a thought leader, able to craft compelling narratives, crisp arguments, and communicate with executive presence but also be strong on execution to effectively balance the individual elements of each of these activities.
Focus on PCI readiness (controls advisory /assessment) and support for annual PCI reviews across existing and new Visa entities.
Support Cybersecurity Policy and Awareness Team by:
Evolving Cybersecurity policy frameworks, controls enforcement and enhancement
Assisting on various Policy Team initiatives
Developing and editing content for Cybersecurity Awareness & Training Program
- Participate in facilitating audits, compliance, and regulatory activities, including, but not limited to: FFIEC, GLBA, SSAE16/ISAE3402, Sarbanes-Oxley (SOX), Internal Audit, & Customer/Client Inquiry using knowledge of the information security, financial, and/or technology regulatory environment and risk management practices
- Work collaboratively with corporate compliance, internal audit, enterprise risk management, regulatory risk and various technical teams in the design and implementation of audit, regulatory, and compliance practices for Information Security
- Promote proactive readiness activities and enhancement of Information Security-based internal controls to support future internal and external reviews
- Develop data points into Information Security risk management reporting activities, including dashboards, metrics, and executive reporting content
- Advices Cybersecurity leadership on the status of technology risk and compliance issues based on assessment results and information from various monitoring and control systems/activities.
- Bachelor’s degree in Computer Science, Information Systems, Management Information Systems, or Business Administration or another related field.
- Significant and relevant technical experience meeting the job description may be substituted for degree requirements.
- 6-12 years of leadership experience in Information Security, Audit, Risk, and/or Compliance.
- Open to experience in other relevant fields (i.e., finance, business administration, information technology, etc.) as long as candidate can demonstrate relevancy to this Information Security based role.
- 6+ years direct participation and experience across common industry security policy areas, including, but not limited to PCI-DSS, ISO, NIST, COSO, COBIT, FFIEC, SOX, SSAE16/ISAE3402, SOC 2 and others. Candidates with experience in Audit/Compliance/Regulatory discussions and proactive readiness activities in a large global financial institution or a matrix organization preferred.
- Broad and deep experience across PCI standards (DSS, PIN, P2PE, Token etc.) with the ability to apply the standards with confidence across different organizational contexts.
Experience of applying industry policy knowledge to support in the creation of Company Information security policy / standards development
Proven experience working with multiple individuals on internal and external delivery and communication initiatives.
- Ability to synthesize a variety of data points, problem solve, and formulate comprehensive and effective execution and risk mitigation plans.
Strong executive presence and exceptional communication skills - experience in Audit/Compliance/Regulatory discussions and proactive readiness activities with internal partners and external customers/clients.
Experience in designing and developing an effective security education and awareness program, including skills such as content writing, strong editorial capability, and delivery of multi-media content, and/or instructional design.
- Ability to influence beyond immediate team and with those of more experience / seniority
- Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines.
Excellent Data Analysis skills using Microsoft Excel, SQL, or other scripting languages
- CISSP, CISA, CISM, PCI QSA/ISA Certifications preferred
This position requires the incumbent to be available during core business hours
This position may require the incumbent to attend weekly meetings with AP and UK outside core business hours on a regular basis
This position requires the incumbent to travel for work 10-15% of the time when it is safe to do so.
This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers, reach with hands and arms, and bend or lift up to 25 pounds.
Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.