Information Security Compliance Consultant

Company Description

Visa is a world leader in payments technology, facilitating transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories, dedicated to uplifting everyone, everywhere by being the best way to pay and be paid.

At Visa, you'll have the opportunity to create impact at scale — tackling meaningful challenges, growing your skills and seeing your contributions impact lives around the world. Join Visa and do work that matters — to you, to your community, and to the world.

Progress starts with you.

As Information Information Security Compliance Consultant - Featurespace, you will help us achieve our goals and deliver success on behalf of our customers by:

• Building and overseeing our Information Security controls framework and environment in line with industry standards to ensure enterprise-wide security compliance with Visa Key Controls and Customer expectations.
• Collaboratively creating, implementing and maintaining security policies, standards and procedures which improve our posture in alignment with industry best practice, internationally recognised compliance standards and Visa Policies and Key Controls.
• Ensuring the annual successful execution of all compliance recertification efforts by leading and coordinating our preparation, responses and submissions for certifications such as PCI DSS, SOC2 and DORA, etc.
• Providing assurance to our customers by coordinating the responses to customer RFP questions and customer audits in the Information Security area.
• Coordinating with and supporting the Visa Legal, Governance, Risk & Compliance teams in understanding and quantifying security risk, responding to third-party requests and performing security assessments of our suppliers, their products and services.
• Driving security awareness, promoting security within Featurespace and collaborating with our customers and industry partners to develop the maturity and standing of security within our industry.
• Acting as a subject matter expert on compliance requirements and consulting across the enterprise to ensure our products and services are secure and compliant by design and facilitating the timely closure of gaps and findings identified through the Visa vulnerability management and secure assessment processes.

Responsibilities:

As a company we hire people with a willingness to adapt to a variable role, so along with the key responsibilities below, we ask for ownership of any other duties as required.

• Create, review, update and complete information security policy, standards, and guidelines, maintaining document management disciplines and dependency mapping, consulting with and coordinating the input of SMEs as needed.
• Conduct security risk assessments, business impact analyses and recommend appropriate control improvements. Provide oversight and assurance of corrective, preventative or remediation activities, escalating issues at risk of missing deadlines in a timely and efficient manner.
• Maintain and govern Featurespace risk records within Visa risk management tooling, working in collaboration with the Visa Governance, Risk and Compliance team and identified Featurespace Risk Owners to document and quantify risks, track remediation plans, support risk acceptances and exception requests, and facilitate regular risk reviews, prioritisation, and overall residual risk reduction.
• Coordinate and lead our responses to customer RFP questions and security audits in a timely and efficient manner, helping to create repeatable, re-usable answers and examples for common questions and ensuring all responses are traceable to SMEs and responsible teams within the organization. Represent the Information Security Department directly with customers when required.
• Stay up to date with the latest security and technology trends and development. Research and evaluate emerging security threats and closely monitor and understand current and potential changes to compliance frameworks and regulations, making recommendations on mitigations and programs for the organization to address them.
• Coordinate Security Awareness and Training sourced from the wide Visa Cyber team to ensure that security architecture and compliance concepts and best practices are embedded throughout the Featurespace business and product teams. Develop, facilitate and deliver education and training tailored for Featurespace Teams as required to uphold compliance.
• Consult with internal teams, clients, auditors, and regulators regarding information security compliance, and related topics as necessary. Act as a subject matter expert when internal teams have questions/need guidance and be a liaison with external compliance advisory firms as well as the governing body and industry communities.
• Liaise with internal teams and stakeholders (e.g. Legal, Privacy, GDPR, Risk and Compliance) in relation to security compliance to ensure coordination of requirements, agreed controls and shared…