This position will be responsible for engineering and operating Tokenization Services, developing supporting programs and roadmaps and operationalize the program. Ideal candidate must be fluent in Cryptographic Services technologies and methodologies, including Encryption Key Lifecycle Management, Hardware Security Modules (HSM), x.509 Certificate Lifecycle Management, Private Key Infrastructure (PKI), Database encryption solutions and Tokenization Solutions, root cause analysis and risks management, security best practices standards, and audit and regulatory frame works.
Duties
• Develop, deploy and manage target state Tokenization technologies both on premise and in cloud services.
• Manage full lifecycle of design, engineering, system administration and daily operations of Tokenization products, technologies and services with a focus on continuous service improvement.
• Manage and mature Tokenization program-related controls, documentation, testing and alignment with risk management framework.
• Create requirements for evolving Tokenization technical controls, supporting technologies, security best practices in conjunction with security architecture.
• Assess business requirements of the various lines of business and align solutions to balance enablement of the business with appropriate security controls.
• Create, document and manages the business process aspects of the Tokenization initiative including process and procedure manuals, training, employee communication, workshops, business unit orientation and on-boarding, and team meetings.
• Deliver measurable metrics reporting, Key Risk Indicators (KRI’s) and Key Performance Indicators (KPI’s) that will be used for reporting to stakeholders and board of directors and continuous improvements for the program.
• Work with various Audit, Compliance and Assessment teams and programs to identify, assess and mitigate operational risks, evaluating the adequacy and effectiveness of the platform, standards, procedures, processes, and internal controls.
• Oversee adherence to applicable Security Controls, Policies, and Standards; partner with business owners and technology groups to synchronize plans to remediate gaps.
Education
• BS/MS in Computer Science or Business with emphasis in IT or equivalent.
• Relevant cyber security certifications, such as CISSP, CISM, are optional, but highly desired.
Experience
• 10+ years of IT security engineering and Risk and Compliance related experience.
• Experience in implementing Data Protection- Tokenization technologies and solutions.
• Experience in leading and managing engineering and operational staff aligned to Cryptographic Services- Tokenization.
• Experience with Enterprise Encryption Key Management, HSM, Certificate Management, PKI and related software solutions, design and implementation both on premise and in the cloud.
• Experience interfacing with executive leadership to present both situation reports and business proposals for strategic change/improvements.