Rackspace is the world’s #1 provider of IT as a service in today’s multi-cloud world. It delivers expert advice and integrated managed services across public and private clouds, managed hosting, and enterprise applications. Rackspace partners with every leading technology provider, including Alibaba, AWS, Google, Microsoft, OpenStack, Oracle, SAP, and VMware. The company is therefore uniquely positioned to provide unbiased advice on which technologies will best serve each customer’s needs. Rackspace was named a leader in the 2017 Gartner Magic Quadrant for Public Cloud Infrastructure Managed Service Providers, Worldwide and has been honored by Fortune, Glassdoor and others as one of the best places to work. Based in San Antonio, Texas, Rackspace serves more than 170,000 business customers from data centers on five continents. Learn more at www.rackspace.com.
We are seeking a Security Risk and Compliance Management Specialist II. In this role you will act as an advocate in the development of overall information security programs globally. You will create and perform global IT Risk and Compliance assessments. Additionally, you will assist in the development and execution of information security, compliance, and risk best practices globally through audits, assessments, and policy-making.
- Collaborates across the organization to execute and mature the Risk Assessment process, including following established procedures for processes, methodologies, and reports.
- Participates in cross-functional workgroups and planning meetings to promote ideal solutions that meet the objectives of both the business and the IT Risk, Compliance, and Information Security team. Where ideal solutions cannot be found, escalates control failures and enterprise-level risks to management.
- Conducts IT Risk and Information Security due diligence activities relative to vendors and third parties.
- Conducts risk assessments and documents findings where a deviation from an information security or IT Risk policy or standard is desired.
- Communicates the value of Compliance, IT Risk, and Information Security within the team.
- Assists in annual audits for industry-specific reports, including PCI, ISO27001, SOC1, SOC2, SOC3, SOX, and CDSA.
- Documents findings where deviations exist through internal or external testing.
- Executes internal control testing according to documented processes.
- Promotes sharing of expertise through consulting, presentation, and documentation.
- Executes cross-functionally to ensure a holistic approach to security and compliance across the organization.
- Executes established compliance processes with IT and Information Security policies, standards, guidelines and relevant legal and regulatory requirements.
- Assists in updating internal control matrices where necessary to support annual changing environments.
- Supports business partners where necessary in dealing with current and prospective clients.
- Assists teammates in coordinating between internal control owners and external auditors, including kickoff meetings, interview requests, closing meetings, and evidence gathering.
- Assists in internal customer audits which include scheduling, presentation of the Rackspace compliance portfolio, and overseeing the successful visit in conjunction with Account Managers.
- Continuously validates the organization against additional mandates, as developed, to ensure full compliance.
- Helps to create risk remediation plans with business owners and follows through in the implementation of changes.