We operate at the heart of the digital transformation of our business. From Digital Engineering to enabling employee success, the Digital Technology (DT) team is driven to provide the best products and services. We collaborate with the business and DT teams to ensure the highest standards of compliance are met.
Partner with the best
The IT Risk Management and Compliance Lead works collaboratively within a team to support DT’s compliance function in the development and implementation of strategic goals that drive compliance with various IT controls (e.g., SOX, Data Privacy, NIST 800-53, ISO 27001, ISA 62443) associated with regulatory, statutory, company or contractual obligations.
As an IT Risk Management and Compliance Lead you will:
Leading portions of compliance programs and acting as a central point of contact and subject matter expert on specific areas/applications to ensure appropriate internal controls for the enterprise, operational technology (OT) or product security
Providing oversight and guidance for periodic control reviews to ensure compliance with information security policies and established security controls
Collaborating with management on the ongoing compliance control programs, as well as potentially leading testing coordination efforts between external/internal auditors and internal Business Controllership Stakeholders and Information Technology owners
Maintaining ongoing communication with the business and external/internal auditors as it relates to alignment on audit planning, walkthroughs/testing, audit requests, impact assessments, and deficiency evaluation of IT controls (e.g., SOX, Data Privacy, NIST 800-53, ISO 27001, ISA 62443)
Developing metrics and compliance dashboards to monitor and measure effectiveness of security controls, and communicate progress in reducing risk
Partnering with IT and the business, focusing on areas of highest IT and cyber risk, to continuously improve on controls or automate compliance activities
Delivering timely and concise communication, including developing and producing management reports, illustrating status, trends, and action plans
Educating Business Process and Information Technology control owners by leading training sessions and focus sessions to demonstrate compliance requirements and share hot topics
Working with project teams on verification of controls prior to migration to production, as applicable.
Fuel your passion
To be successful in this role you will:
Have 8+ years of combined experience in an IT risk management, IT compliance or IT audit role
Have experience in project management practices, tooling, and managing projects through the SOX, GDPR, and/or NIST/ISO 27001/ISA 62443 lifecycle
Have knowledge of COSO/COBIT framework and experience applying the framework in a manner that supports SOX, GDPR, and/or NIST/ISO 27001 compliance and operational efficiencies
Have experience with a major governance, risk and compliance (GRC) tool, such as Archer or ServiceNow
Have experience in ITGC/GITC audits, including interfaces, control reports, and configurable controls
Have experience with leveraging data analytics to perform targeted sampling techniques and using automation for continuous monitoring
Have technical ERP knowledge of one or more major ERP packages, such as Oracle EBS, SAP, and Hyperion systems
Have a demonstrated track record of technical expertise with one or more of SOX, GDPR, and/or NIST/ISO 27001/ISA 62443
Have information security certifications (CISSP, CISM, CISA, etc.)
Have an ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner
Work in a way that works for you
We recognize that everyone is different and that the way in which people want to work and deliver at their best is different for everyone too. In this role, we can offer the following flexible working patterns:
Working flexible hours - flexing the times when you work in the day to help you fit everything in and work when you are the most productive
Houston, TX
Baker Hughes, a GE company, provides integrated oilfield products, services, and digital solutions worldwide. Its Oilfield Services segment offers drilling, wireline, evaluation, completion, production, and intervention services; and drilling and completions fluids, completions tools and systems, wellbore intervention tools and services, artificial lift systems, pressure pumping systems, and oilfield and industrial chemicals for integrated oil and natural gas, and oilfield service companies. The company’s Oilfield Equipment segment designs and manufactures products and services, including pressure control equipment and services, subsea production systems and services, drilling equipment, and flexible pipeline systems; and onshore and offshore drilling and production systems, and equipment for floating production platforms, as well as provides a range of services related to onshore and offshore drilling activities.
Its Turbomachinery & Process Solutions segment provides equipment and related services for mechanical-drive, compression, and power-generation applications across the oil and gas industry, as well as products and services to serve the downstream segments of industry. Its product portfolio includes drivers, compressors, and turnkey solutions; and pumps, valves, and compressed natural gas and small-scale liquefied natural gas solutions.
This segment serves upstream, midstream, onshore and offshore, industrial, engineering, procurement, and construction companies. The company’s Digital Solutions segment provides sensor-based measurement, non-destructive testing and inspection, turbine, generator and plant controls, and condition monitoring, as well as pipeline integrity solutions for a range of industries, including oil and gas, power generation, aerospace, metals, and transportation. It serves through direct and indirect channels. The company is based in Houston, Texas. Baker Hughes, a GE company, is a subsidiary of General Electric Company.