CenturyLink LEAD CLIENT RELATIONSHIP MANAGER in DENVER, Colorado
CenturyLink (NYSE: CTL) at http://www.centurylink.com/ is the second largest U.S. communications provider to global enterprise customers. With customers in more than 60 countries and an intense focus on the customer experience, CenturyLink strives to be the world’s best networking company by solving customers’ increased demand for reliable and secure connections. The company also serves as its customers’ trusted partner, helping them manage increased network and IT complexity and providing managed network and cyber security solutions that help protect their business.
The Lead Client Relationship Manager works directly with a Customer’s IT representative to help develop and maintain regulatory compliance or compliance to an existing published standard as agreed upon.
The Main Responsibilities
The Lead Client Relationship Manager performs regular assessments of in-place controls as they relate to the contract in order to identify gaps, documents the remediation required, creates remediation plans, and manages and tracks those plans to completion. Examples of compliance specializations that an SCA may be able to support, given the customer requirements, include (but are not limited to):
GxP quality standards in the Global Life Sciences Industry (GxP is a general abbreviation for the "good practice" quality guidelines and regulations; the "x" stands for the various fields, including the pharmaceutical and food industries). The governing bodies/laws include, but are not limited to, the US FDA, Health Canada, the European Medicines Agency (EMA), the Japanese Pharmaceuticals and Medical Devices Agency, India’s Central Drugs Standard Control Organization (CDSCO), and the UK’s Medicines and Healthcare products Regulatory Agency (MHRA). One or more of the regulations under each regulatory body must be adhered to depending on the country of manufacture as well as the product distribution countries (e.g., any drug manufactured in Europe that is distributed to the US must adhere to the laws of both governing agencies).
NIST 800-53 (National Institute of Standards and Technology - security and privacy controls for federal information systems and organizations).
HIPAA (Health Insurance Portability and Accountability Act).
PCI/DSS (Payment Card Industry Data Security Standard).
IRS 1075 (U.S.A. Internal Revenue Service – Federal Tax Information security guidelines).
GDPR (General Data Protection Regulation – European Union).
FedRAMP (Federal Risk and Authorization Management Program).
DISA STIG (Defense Information Systems Agency Security Technical Implementation Guides).
CIS-CSC (Center for Internet Security Critical Security Controls).
COPPA (Children's Online Privacy Protection Act).
MARS-E (Minimum Acceptable Risk Standards for Exchanges) for Medicaid/Medicare.
ISO/IEC 27001 information security standard.
The LCRM also provides the CenturyLink Advanced Managed Services team with expertise on the selected compliance standard(s) from the above list, as well as assisting with internal training to assure all CenturyLink and contracted employees are following necessary guidelines to meet contractual requirements.
AMS SCA engagements may be purchased in 40, 80 or 160 hours per month depending on the activities to be performed and the scope of the engagement. The smaller scope (40 hours per month) is intended to be advisory, whereas a more robust engagement (160 hours per month) allows the SCA to become involved in the management of compliance for the client and to perform gap analysis activity (as described below).
The LCRM will perform some of the following activities, as selected by the customer and based on the hours per month purchased, to mitigate risk associated with CenturyLink contract compliance. The number of these tasks that may be performed will also depend on the size of the environment, the regulatory standards for compliance, and the focus of compliance levels:
The engagement will begin with a preliminary evaluation to determine scope and compliance effort required, auditing tools available in the environment, and number of standards or controls to be assessed for a gap analysis.
During the next phase of the contract, the SCA will perform a gap analysis against the regulatory standard selected by the customer. Depending on the size of the engagement and resources assigned, this initial activity may take 6 – 12 months. During the initial assessment, deliverables include:
Report on gaps, remediation steps and associated change orders.
Document controls in place that meet specific regulations or standards.
Communicate to management, through reports or presentations, compliance metrics and other documentation, which highlight risks.
Begin tracking progress and change in compliance.
Post initial assessment, establish frequency for reporting of ongoing compliance status.
Manage assessments for compliance and produce remediation plans accordingly.
Validate vulnerabilities have been correctly mitigated or remediated.
Establish bridge processes to address gaps in regulatory requirements and service offerings.
Ensure that secure audit trails cannot be altered by confirming controls implemented to limit access.
Audit and review the access controls and methods for subcontractor employees working on customer contract.
Provide guidance on upcoming regulatory standards that apply to the customer’s environment.
Review HR onboarding / off-boarding of employees on customer contract including meeting requirements of completing associated compliance training.
For Information Security Standards, reporting is necessary on any gap in compliance, but the standard priority for CenturyLink SCA is to focus on the following:
Review and enforce strict password strength and expiration policies.
Ensure proper user authentication and password management for users and administrators on all system components.
Review firewall policies at subcontractor locations that terminate site-to-site VPN services to CenturyLink infrastructure.
Review physical access controls.
Report on adherence of Data Access Policies to CenturyLink Executive Sponsor.
Ensure timely implementation of application and security patches, anti-virus updates and other associated preventive measures to CenturyLink managed services.
Ensure assigned SAM or SOC/SIEM specialist is reviewing logs for all system components at least daily. Security log reviews must include those servers that perform security functions like intrusion prevention system (IPS) and authentication or authorization.
Strong interpersonal communication, presentation, organization and planning skills.
Must possess initiative with strong analytical, problem solving skills and ability to make complex decisions in potentially ambiguous situations.
Strong understanding of Project Management Methodology including the ability to create and monitor project plans and to drive and develop tasks associated with plan.
Deep understanding of selected compliance standards and controls as they pertain to the contract. More than one Senior Compliance Analyst may be assigned when the customer requires compliance with multiple standards.
Strong leadership qualities and strategic skills.
Ability to work with both entry-level personnel and senior-level executives.
Regulatory Compliance Strategic Planning and Consulting.
Cost Benefits & ROI Analysis of Technology Solutions.
Change Control & Management Program.
Program management and project management.
Continuous Improvement & Best Practices.
Cross-functional Team Leadership.
Mix of consulting and operational experience.
In-depth knowledge of CenturyLink offerings, products and services.
What We Look For
Desired Education or Equivalent Experience:
· Bachelor's degree or equivalent experience.
· Minimum 5 to 10 years progressive program management experience, including 5-7 years in consulting or technical security management.
· Demonstrated ability to manage large, complex security or quality programs with multiple projects.
· Demonstrated ability to communicate at all levels within an organization.
· Project Management Professional (PMP) desired.
· For Information Security compliance, the following professional certifications and knowledge base:
Certified Information Systems Security Professional (CISSP) is desired.
Certified Information Systems Auditor (CISA) is relevant.
Certified Information Systems Manager (CISM) is relevant.
Demonstrated knowledge of GDPR and NIST 800-53, regardless of the security standard selected by the customer.
Alternate Location: US-Colorado-Broomfield; US-Colorado-Denver; US-Virginia-Herndon
Requisition # : 224814
This job may require successful completion of an online assessment. A brief description of the assessments can be viewed on our website at http://find.centurylink.jobs/testguides/
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”). We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.
The above job definition information has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. Job duties and responsibilities are subject to change based on changing business needs and conditions.