Vacancy expired!
IT Risk Management and Compliance Lead

Would you like to ensure the security of our global organization? Would you like to lead a team that ensures compliance standards are met?

Join our Digital Technology Team!

We operate at the heart of the digital transformation of our business. From Digital Engineering to enabling employee success, the Digital Technology (DT) team is driven to provide the best products and services. We collaborate with the business and DT teams to ensure the highest standards of compliance are met.

Partner with the best

The IT Risk Management and Compliance Lead works collaboratively within a team to support DT's compliance function in the development and implementation of strategic goals that drive compliance with various IT controls (e.g., SOX, Data Privacy, NIST 800-53, ISO 27001, ISA 62443) associated with regulatory, statutory, company or contractual obligations.

As an IT Risk Management and Compliance Lead you will:
- Lead portions of compliance programs and act as a central point of contact and subject matter expert on specific areas/applications to ensure appropriate internal controls for the enterprise, operational technology (OT) or product security
- Provide oversight and guidance for periodic control reviews to ensure compliance with information security policies and established security controls
- Be responsible for collaborating with management on the on-going compliance control programs, as well as potentially leading testing coordination efforts between external/internal auditors, internal Business Controllership stakeholders and Information Technology owners
- Maintain on-going communication with the business and external/internal auditors on alignment of audit planning, walkthroughs/testing, audit requests, impact assessments, and deficiency evaluation of IT controls (e.g., SOX, Data Privacy, NIST 800-53, ISO 27001, ISA 62443)
- Develop metrics and compliance dashboards to monitor and measure the effectiveness of security controls, and communicate progress in reducing risk
- Partner with IT and the business, focusing on the areas of highest IT and cyber risk, to continuously improve controls or automate compliance activities
- Deliver timely and concise communication, including developing and producing management reports illustrating status, trends, and action plans
- Educate Business Process and Information Technology control owners by leading training sessions and focus sessions to demonstrate compliance requirements and share hot topics
- Work with project teams on verification of controls prior to migration to production, as applicable
- Have 5+ years of combined experience in an IT risk management, IT compliance or IT audit role
- Have experience in project management practices, tooling, and managing projects through the SOX, GDPR, and/or NIST/ISO 27001/ISA 62443 lifecycle
- Have knowledge of COSO/COBIT framework and experience applying the framework in a manner that supports SOX, GDPR, and/or NIST/ISO 27001 compliance and operational efficiencies
- Have experience with a major governance, risk and compliance (GRC) tool, such as Archer or Service Now
- Have experience in IT general controls (ITGC) audits, including interfaces, control reports and configurable controls
- Have experience with leveraging data analytics to perform targeted sampling techniques and using automation for continuous monitoring
- Have technical ERP knowledge on one or more major ERP package, such as Oracle EBS, SAP, and Hyperion systems
- Have a demonstrated track record of technical expertise with one or more of SOX, GDPR, and/or NIST/ISO 27001/ISA 62443
- Have information security certifications (CISSP, CISM, CISA, etc.)
- Have an ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner
- Working flexible hours - flexing the times when you work in the day to help you fit everything in and work when you are the most productive
- Contemporary work-life balance policies and wellbeing activities
- Comprehensive private medical care options
- Safety net of life insurance and disability programs
- Tailored financial programs
- Additional elected or voluntary benefits