Compliance Manager, Information Security

About The Position

Requirements

• Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives across multiple departments.
• Ability to identify risks associated with business processes, operations, information security programs and technology projects.
• Ability to develop working relationships with the business, and a broad understanding of business processes to translate technical issues into business-related decision points.
• Strong critical thinking and analytical skill.
• Ability to drive tasks forward with limited direction.
• Exceptional communication and presentation skills with diverse audience.
• InfoSec certifications including CISSP, CISA, and CISM are desired
• Bachelor’s degree in an IT, Information Security or Audit related field of study, or equivalent experience
• Working in information security and/or IT audit
• Experience as a PCI Qualified Security Assessor (QSA) is preferred
• Working knowledge of key industry standards and security regulatory frameworks (SOC 1, SOC 2, SOX, PCI, COBIT 5, ISO, NIST, etc.) is desired
• Practical experience supporting Sarbanes-Oxley (SOX) compliance
• Experience working in a company using SAP (knowledge of Access Management/GRC within SAP)
• Experience in a global retail environment is preferred
• Drive privacy impact analysis, record of processing activities, with applications and data management solutions
• Working knowledge of EU, US and other regional Privacy and Financial regulations

Responsibilities

• Support Controller of Accounting & Reporting to develop and supply requirements for SAP GRC Rules (including mitigating controls) to IT IdAM Operations
• Performs or oversees information security assessment/analysis, mitigation and remediation.
• Advise in implementing solutions and mitigation plans for control deficiencies; regulatory and compliance gaps and make recommendations for process efficiencies.
• Conducts ongoing security compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions.
• Partners with Information Security Awareness to oversee, develop and provide compliance training to the workforce.
• Educate and coach internal Technology teams on technology risk, audit, and control principles.
• Ensures timely completion of User Access, Privileged Access and Segregation of Duties and other control reviews.
• Collaborate cross-functionally with teams including Legal, Privacy, Internal Audit, IT Risk Management, IT Security, external consultants and auditors on assessments, process improvements, documenting standards and procedures, and ensuring deadlines are achieved.
• Support IT risk, audit, and compliance reporting via consolidated dashboards to aid in executive management decision making process.
• Identify and report metrics to IT leadership on monthly basis
• Maintain current knowledge of appliable global, federal, and state information security laws and accreditation standards.
• Maintain required administrative processes such as meetings, training, budgeting, status reporting, etc.
• Oversees work of GRC analysts to ensure timeliness and accuracy

Benefits

• competitive benefits program that provides choice and flexibility to meet your and your family’s needs – now and in the future.
• resources to support your physical, emotional, social, and financial wellbeing
• discounts on our apparel.
• four weeks of Paid Parental Leave to eligible employees who are new parents
• Flexible Fridays
• Tuition Reimbursement