Clearly defining, developing, and maintaining policies, processes, and technical standards.
Reviewing risk findings, determining fix teams, assigning work through the appropriate channels, and reporting remediation efforts and related challenges.
Auditing systems for evidence of secure configurations or vulnerabilities.
Auditing work records (i.e., tickets/comments) for evidence of compliance with procedures.
Gathering key information for exception requests, including risk details, action plans, and remediation dependencies.
Hosting meetings with members of application, security, and leadership teams to communicate updates and changes to security postures.
Validating that submitted evidence meets the requirements to resolve risks and compliance issues.
Collaborating with technical teams to improve observability.
Educating application teams on security subject matter.
Good to have: PCI-DSS compliance knowledge or hands-on experience.