ARI, part of the Holman Automotive Group and headquartered in Mt. Laurel, N.J., is a billion-dollar global vehicle fleet leasing and management company that prides itself on providing exceptional service. A recognized leader in the industry and the largest fleet management company in North America. Ranked #27 on FORTUNE magazine’s 100 “Best Places to Work” and #17 on Computerworld’s Best Places to Work in IT. ARI has more than 65 years of experience offering its employees a place where their careers and personal development can thrive.
ARI has an outstanding opportunity for a Project Lead Information Security and Compliance Analyst.
Job Purpose: Responsible for implementing and maintaining an Information Assurance program across global commercial and retail business environments. This includes partnering with both technology and business areas to assess, revise and enforce data assurance policies, practices & procedures and manage data security risks.
- Develops and leads assessments and audits, conducting remediation planning activities, tracking risks and driving risk treatment activities through mitigation and closure.
- Ensure audit trails, system logs and other monitoring data sources are reviewed and in compliance with policies and audit requirements.
- Monitors compliance of information security policies. Effectively communicates and reports violations, conflicts, and concerns to management.
- Maintains Risk Register and manages core ISO 27001:2013 ISMS functions
- Coordinates security reviews with independent auditors and internal audit.
- Advises management on best practices, current trends, and pertinent changes in internal/external threats and opportunities in a timely and anticipatory manner. Prepares and presents action plans for implementation/approval.
- Develops, proposes, and implements changes to policies and procedures to ensure operating efficiency, high levels of data assurance and regulatory compliance.
- Provides security and compliance communications, awareness and training for various audiences throughout the organization including senior leaders, technologists, and staff members.
- Consults with technology and the business areas to ensure that data assurance requirements are factored into new business processes and technical solutions.
- Conducts vulnerability, cyber and privacy risk assessments.
- Interfaces with clients to address data assurance concerns and inquiries.
- Performs client and vendor contract language reviews.
Knowledge and Skills:
- Motivated self-starter that is able to work independently and in a team environment.
- Strong verbal and written communication skills. Must have the ability to communicate issues to both a technical and non-technical audiences.
- Ability to develop and maintain strong relationships at all levels of the company.
- Experience with implementation and monitoring of general computing controls, infrastructure security, and application security controls.
- Experience with International Standards Organization (ISO) 27001 and 27002 implementation and testing
- Familiar with IT best practices such as IT Infrastructure Library (ITIL)
- Knowledge of legal and regulatory statutes and industry standards including, but not limited to, Payment Card Industry (PCI), US Privacy Shield, European Union Data Privacy Directive.
- Bachelor’s degree in Computer Sciences, Information Systems or another related field.
- Professional Certifications such as CISA, CISSP, GIAC, or CISM preferred.
- 7 or more years of Information Security, IT Compliance & Risk Management experience.