SanFranRecruiter Since 2001
the smart solution for San Francisco jobs

Security Compliance Specialist

Company: Williams-Sonoma, Inc.
Location: San Francisco
Posted on: September 20, 2023

Job Description:

We hope you're interested in building a home with us. Even if you don't feel that you meet every requirement listed in this job description, we still encourage you to apply.
About the Role
As a Security Compliance Specialist, you will help to demonstrate the sustained compliance of the company with requirements for the protection of its high-value systems and information assets. The scope of work extends across the corporate environment and its consumer delivery channels, and it addresses legal requirements and industry standards such as PCI DSS, SOX, ISO, HIPAA, CA1386, CPRA and GDPR.
Your primary focus is conducting internal PCI DSS assessments in addition to assisting all business units and functional teams in scope for external PCI DSS compliance validation. The ideal candidate will demonstrate industry experience around compliance with PCI DSS and related standards and will have excellent analytical skills, with the ability to identify non-compliance issues and ensure remediation using industry standard methodologies. You will assist in defining the scope of the compliance assessment, ensure adherence to PCI requirements, develop internal associates through PCI DSS educational opportunities and provide direct and specific mentorship to cultivate an efficient, innovative, and collaborative work environment. You will maintain productive, informative working relationships with technical and management staff at all levels of the organization.

  • Plan, conduct and establish remediation plans for PCI Assessments.
  • Actively engage business units at pre-determined times to provide a summary analysis of each business unit's compliance posture at checkpoints throughout the year.
  • Identify and recommend changes in procedures, processes and scope of delivery needed to demonstrate sustained compliance with PCI requirements.
  • Assist with PCI-DSS compliance checklists including review and validation of existing controls, documentation and any potential gaps.
  • Provide management guidance and expertise for all PCI gaps and help to prioritize remediation targets.
  • Reduce demand on resource owners for evidence collection and analysis via use of GRC and related security tools as well as the development and implementation of compliance automation technologies.
  • Reduce the company's overall PCI-DSS scope where possible via taking lead on scoping practices and procedures.
  • Provide remediation guidance to technical teams to establish and maintain sustained compliance with PCI-DSS.
  • Provide long-term cost-effective remediation solutions/recommendations to address systemic issues or gaps that potentially risk corporate PCI-DSS compliance.
  • Deploy quarterly phishing simulation training to all internal WSI users, and report on results.
  • Recommend fraud mitigation and monitoring solutions.
  • Evaluate effectiveness of security controls and validate remediation.


  • BA/BS or equivalent experience, with 4+ years' experience gained in the information security field
  • CISSP, CISM, CISA or similar certification [e.g., GIAC Certified ISO-17799 Specialist (G7799)]
  • 4+ years' experience in a PCI support role or engineering position is preferred
  • Extensive knowledge and experience with information security standards and methodologies, including PCI DSS, ISO 9000 series, COBIT, Sarbanes-Oxley, HIPAA, and other relevant industry security standards, and an in-depth knowledge of risk assessment and risk analysis
  • QSA or ISA is strongly preferred

Technical Competencies (Required):

  • Experience in an enterprise-class Technology organization, working with large scale Distributed Systems environments
  • Excellent written and verbal communications skills
  • Leadership role in previous job experience
  • Results oriented, self-motivated
  • Experience working with, and ideally writing, information security policies and standards and/or developing or implementing security-related tools
  • Understand information security holistically and how it relates to business goals
  • Excellent written, oral, and interpersonal communications skills with proven ability to champion causes with positive impact and change
  • Ability to design, implement, re-engineer and manage complex processes
  • Privacy Certification (e.g., Certified Information Privacy Professional)
  • Experience interfacing with and communicating information on complex privacy and security compliance issues to senior management and business units and external parties
  • Experience presenting IT security issues to large audiences, forums, or communities
  • Experience working within the retail sector

We believe in People First
We firmly believe that working in a culture focused on diversity, equity, and inclusion spurs innovation, creates healthy and high-performing teams, and delivers superior customer experiences. Our DEI initiatives prompt associate participation and engagement, aligning with our core vision to reflect the communities where we do business and put people first.

Benefits Just for You
Depending on your position and your location, here are a few highlights of what you might be eligible for:

  • A generous discount on all Williams-Sonoma, Inc. brands
  • A 401(k) plan and other investment opportunities
  • Paid vacations, holidays, and time off to volunteer
  • Health benefits, dental and vision insurance, including same-sex domestic partner benefits
  • Tax-free commuter benefits
  • A wellness program that supports your physical, financial and emotional health

Your Journey in Continued Learning

  • In-person and online learning opportunities through WSI University
  • Cross-brand and cross-function career opportunities
  • Resources for self-development
  • Advisor (Mentor) program
  • Career development workshops and learning programs
  • Speaker series

WSI will not now or in the future commence an immigration case or "sponsor" an individual for this position (for example, H-1B or other employment-based immigration

This role is not eligible for relocation assistance.

Williams-Sonoma, Inc. is an Equal Opportunity Employer. Williams-Sonoma, Inc. will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance, or other applicable state or local laws and ordinances.

The expected starting pay range for this position is $95,000-$120,000. Applicable pay ranges may differ across markets. Actual pay will be determined based on experience and other job-related factors permitted by law. In addition to competitive pay, compensation may include a variety of other components like benefits, paid time off, merit, and bonus opportunities.
