For over 35 years, El Pollo Loco has dominated the market in delivering the freshest, most delicious, citrus-marinated fire-grilled chicken in a quick-service restaurant chain. It's our unique preparation of award-winning "pollo," use of authentic ingredients and handmade items that creates a mouthwatering "crazy you can taste" experience. From our welcoming atmosphere to our exceptional guest experience and passionate people, we're truly amazing. See for yourself!
Individual to manage and maintain privacy and cybersecurity policies, processes, and products. Focused on building both the user-facing features and internal services that give our users and consumers choice around their data, build trust, advance data privacy, and safely enable our business growth.
Essential Duties and Responsibilities:
- Lead cybersecurity and privacy management program (CCPA) for El Pollo Loco.
- Develop, update, and implement cybersecurity countermeasures, policies, and controls. Identify all sources of potential cybersecurity breaches and support the analysis of the related effects on system safety. Identify and coordinate cybersecurity requirements with external and internal contacts and service providers. Identify and coordinate system compliance with an industry standard cybersecurity approach.
- Manage CCPA individual rights requests for information and erasure within our TrustArc platform. Manage and monitor all PII activity for the brand. Create and maintain policies and procedures for privacy compliance with the CCPA and any other privacy laws that apply to El Pollo Loco.
- Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/Log Management platforms.
- Develop, recommend, and implement enterprise information security policies, technical standards, guidelines, procedures, and other elements of an infrastructure necessary to support information security in compliance with established company policies, regulatory requirements, and generally accepted information security controls such as PCI, SOX, CCPA, etc.
- Interact professionally and ethically, participating constructively as a collaborative team member or leader in pursuit of common goals.
Qualifications – Education, Experience, License/Certifications:
- Security or privacy depth - You have knowledge and experience in approaches to securing user data and keeping it private. You have broad knowledge of integrating privacy principles in the systems and product design process.
- Privacy pragmatism - You have lofty ideals for user privacy and can apply them in a business environment. You're able to build and advocate for suitable security practices to enhance privacy. You have experience with building and deploying high-tier internal infrastructure at scale. You can take the lead and have a great sense of what doing 'the right thing' is. You might have deep knowledge of privacy enhancing technologies, e.g. data anonymization or differential privacy.
- Architecture skills - You know how to build highly scalable, robust, and fault-tolerant services that support our unique rate-of-growth. You stay up-to-date with the latest architectural advancements. You understand how architecture impacts privacy and security. In addition to having an intimate knowledge of the stack, you see how it all fits together and can navigate both typical and complex privacy pitfalls.
- Ability to learn on the go - You flourish with new technologies and don't believe in one-size-fits-all solutions. You can adapt to meet the needs of our massive scale, growth, and evolving business environment. You feel ownership over everything you manage. You pride yourself on efficient monitoring, thorough documentation, and proper test coverage.
- A great teammate - You believe that you can achieve more on a team; that the whole is greater than the sum of its parts. You rely on others' candid feedback for continuous improvement.
- Minimum of 5 years of experience in determining the appropriate System Security products or services, ability to define a project scope, requirements and deliverables
- Minimum of 5 years of experience in providing high level technical advice and counsel to management on matters relating to new or modified IT policies and programs that affect or relate to current and existing System Security and/or privacy functions and programs
- 5 years of experience in Privacy, Data Protection, Privacy Engineering, and/or Information Security Compliance.
- Familiarity with security and privacy standards such as PCI, SOC, CCPA, etc.
- Demonstrated experience in developing and managing a privacy compliance program that balances risk and the needs of the business.
- Experience with the industry challenges of Software-as-a-Service or cloud service providers.
- Excellent interpersonal, verbal, and written communication skills with the ability to communicate privacy concepts to a broad range of technical and non-technical staff.
- Demonstrated success working with internal audit, external auditors, outside consultants, and legal counsel.
- Equally comfortable working with other members of the team, as well as independently.
- Ability to manage multiple projects and deliver quality work to deadlines
- Experience in making recommendations for resolving System Security problems and requirements for multiple platforms
- Experience in application security architecture, security code reviews, security testing, incident response, or security infrastructure
- Experience with Amazon Web Services
- Developing and interpreting policies, procedures, and strategies governing the planning and delivery of System Security services throughout an enterprise Cloud infrastructure
- Providing technical advice, guidance, and recommendations to management officials and technical staff on critical System Security issues
- Applying knowledge of IT project management principles, methods, and practices to develop plans and schedules, estimate resource requirements, define milestones and deliverables, monitor activities, and evaluate and report on accomplishments
- Demonstrated experience administering Linux and Windows operating systems in accordance with applicable security controls