Gravity IT Resources
Job Title: Sr Security Compliance Manager
Location: Hybrid (Boca Raton, FL)
Job Type: Contract
Employment Eligibility: Gravity cannot transfer or sponsor a work visa for this position. Applicants must be eligible to work in the U.S. for any employer directly.
This position reports to the Security Risk and Compliance Office (SRCO) Manager. The candidate will have hands-on experience performing PCI DSS assessments and SOC 2 Type 1 and Type 2 audits, developing KPIs and reporting matrices, and formulating cost-benefit analyses to help align SRCO and Network Operations technology solutions with business initiatives and delivery. The candidate should have a good understanding of network and security technology solutions and be able to articulate them to meet FTE’s current and future Information Technology and business initiatives.
Duties and Responsibilities
- Work with the SRCO and Network Operations teams to develop and maintain a comprehensive inventory of Information Security and Network Operations hardware deployed in FTE’s data centers and roadside sites.
- Maintain and enhance the inventory of SRCO and Network Operations software and tools, including licensing and annual renewals.
- Work with the TDC procurement team to explore opportunities for consolidating renewals.
- Develop and maintain the Department’s KPIs and create monthly and quarterly reports for leadership.
- Perform annual reviews and ad hoc changes to Information Security Policies and ensure compliance with Florida State Statutes, FDOT requirements, PCI DSS, and industry best practices.
- Perform the annual PCI DSS assessment for the Department, including coordination with internal teams and third-party vendors. Ensure that reporting requirements meet the established timeline.
- Coordinate and perform the Department’s SOC 2 assessment. This includes coordination with both internal teams and external parties to obtain documentation and ensure that established timelines are met.
- Assist the Department with annual and ad hoc audits for compliance with State of Florida statutes and established compliance requirements.
- Assist with managing supply chain oversight, including establishing, maintaining, and performing a risk assessment. Develop a risk matrix and management reporting.
- Manage the vulnerability management program to ensure remediation within established Service Level Agreements, including those required by PCI DSS and applicable cybersecurity frameworks.
- Develop management reporting.
- Assist the SIRT team in formulating testing schedules, conducting tabletop exercises, and facilitating lessons learned workshops and management reports.
Required Experience and Skills
- Must have 5 to 7 years of hands-on experience performing PCI DSS assessments.
- Must have 4 to 6 years of hands-on experience with SOC 2 Type 1 and Type 2 assessments.
- Strong experience managing and organizing Security Incident Response Team (SIRT) activities.
- Must have 5 to 7 years of experience using GRC tools such as Archer and ServiceNow.
- Must have 3 to 4 years of hands-on experience performing IT business process and cost-benefit analysis.
- Must have strong presentation and written communication skills.
- Strong working knowledge of Excel, Visio, and MS Word, and experience developing PowerPoint presentations.
- Good understanding of the Information Technology tools and technologies supporting the overall IT organization and business.