Manager Information Security - IT Compliance Testing

QVC - West Chester, PA


As the world's leading video and ecommerce retailer, QVC has a history of growth and success that goes unmatched. We are an $8.8 billion business that reaches over 370 million homes worldwide. QVC continues to grow on-line, on-air, and through mobile. Ranked as the #3 largest mobile commerce player among multi-category retailers and with nearly 3 million downloads for QVC apps for iPhone and iPad in US, UK and Germany, our global IT organization is expanding and we are in search of tech talent to join our high performing team. We are an innovative, technology-driven company that embraces corporate responsibility and is committed to our people. US Headquarters are located just outside of Philadelphia in West Chester, PA. Whether you’re coming from Center City, the airport, or a suburb with regional rail service, the QVC shuttle service provides a stress-free daily commute to work.

Job Description Details

The Information Security Manager (IT Compliance Testing) is responsible for the protection of business information assets, meeting global security standards and compliance with regulations. This role helps deliver the security strategy to protect confidentiality, integrity and availability of Information assets with a focus on IT compliance testing.

IT Compliance testing responsibilities - to be delivered in line with QVC policies and compliance requirements:
  • Develop and implement a global IT compliance testing program.
  • Develop, maintain and distribute an annual plan relating to IT based compliance testing.
  • Manage the assessment/audit of security controls to determine design and operational effectiveness, and conduct testing appropriately.
  • Proactively report on control operating effectiveness and compliance status, tailoring reports to suit a variety of audiences. Establish metrics and ongoing measurement.
  • Advise on risk, mitigation activities and compensating controls.
  • Facilitate internal and external examinations, collaborating to ensure accuracy, efficiency and consistency of reviews.
  • Ensure suitable IT compliance testing processes, procedures and documentation are in place, supporting the collation of documents for examiners and driving continuous improvement.
  • Proactively identify control failures and potential deficiencies to determine associated impact, severity and compensating controls.
  • Provide compliance based advice, expertise and guidance. Share best practice. Assist business groups and controls owners with root cause analysis and action plans to meet requirements.
  • Analyze compliance related exceptions, making recommendations on compensating controls, reducing risk and driving closure.
  • Advise on IT compliance testing toolsets, ensure appropriate resources operate the tools and maximize performance. Work with Procurement on the purchase and renewal of toolsets, managing supplier relationships.
  • Review and/or submit attestation and audit reports, providing feedback to business leaders and risk owners.
  • Collaborate with QVC internal teams, their agents, and external auditors.
  • Monitor, evaluate and recommend Information Security best practices that support the enterprise's risk management approach and continuous improvement.

Management responsibilities:
As a Leader of Others, you will have overall accountability and responsibility for the direct management of people and resources. This will include planning, providing coaching/feedback, fostering teamwork, talent development and timely escalation of issues to senior management. Potential participation in on-call rotation.

Requirements:
  • Degree educated or equivalent – Information Security, computer science or other related to support job specifics.
  • One or more professional security certifications e.g. CISSP, CISM, CISA, or relevant SANS certification.
  • Proven experience of combined security and/or IT work experience in a position focused primarily on information security.
  • In-depth knowledge of information security standards, best practices, and common data confidentiality regulations e.g., ISO27001/2, NIST, EU Privacy, PCI, Sarbanes-Oxley, HIPAA, etc.
  • Demonstrated ability to translate business requirements into appropriate controls in a client-focused environment.
  • Experience in conducting security and risk-based audits in technology environments e.g. as a lead auditor.
  • Proven experience in writing audit reports for different audiences.
  • Risk Management e.g. CRISC (preferred)
  • Project Management e.g. PMP, Prince2, ITIL (preferred)
  • Payment Card Industry (PCI) Internal Security Assessor (preferred)

QVC, Inc., a wholly owned subsidiary of Liberty Interactive Corporation (NASDAQ: QVCA, QVCB), is the world’s leading video and ecommerce retailer. QVC is committed to providing its customers with thousands of the most innovative and contemporary beauty, fashion, jewelry and home products. Its programming is distributed to approximately 300 million homes worldwide through operations in the U.S., Japan, Germany, United Kingdom, Italy and a joint venture in China. Based in West Chester, Pa. and founded in 1986, QVC has evolved from a TV shopping company to a leading ecommerce and mobile commerce retailer.
The company’s website, QVC.com, is ranked among the top general merchant Internet sites. QVC, Q, and the Q Ribbon Logo are registered service marks of ER Marks, Inc. As an equal opportunity employer, QVC is committed to a diverse workforce and is also committed to a barrier-free employment process. In order to ensure reasonable accommodations for individuals pursuant to applicable law, individuals that require accommodation in the job application process for a posted position may contact us at CareersUS@QVC.com for assistance.