Lineage
Posted 2 months ago
Full-time • Mid Level
Novi, MI
Repair and Maintenance

About the position

The IT Risk and Compliance Program Manager is charged with leading the identification, assessment, measurement, monitoring, and reporting of IT risk through Lineage Logistics' technology risk and cyber security program. This role's primary function will involve supporting the company's information technology general controls (ITGC) program. In addition, this role may be called on to support corporate operations and technology compliance audits, vendor/partner risk assessments, M&A due diligence, or customer assurance efforts as needs and interests require. This role will also support security awareness and education efforts delivered to company employees and relevant parties. The ideal candidate will understand current IT compliance frameworks, technologies, and processes while being continuously on the lookout for innovative and flexible ways to automate processes that support a fast-paced, secure, and empowered environment.

Responsibilities

  • Documenting technology processes and identifying critical technology controls.
  • Assisting with internal and external audits and assessments, including control assessment, monitoring, and reporting, as well as collection and organization of evidence.
  • Conducting third party controls evaluation to determine risk.
  • Working with various internal teams or external parties to define and prioritize remediation efforts, tracking remediation activities, and inspecting/validating solutions that have been implemented.
  • Responding to customer and partner questions regarding GRC topics.
  • Performing other duties within the scope of governance, risk, and compliance as needed.

Requirements

  • Practical experience with policy and regulatory mandates such as SOX 404, COBIT, SOC 1/SOC 2, CSA-CCM, ISO 27001/27002/27031, GDPR, CCPA, PCI-DSS, and the NIST Risk Management Framework and associated standards such as NIST SP 800-34, SP 800-53, SP 800-171/2, FedRAMP, etc.
  • Fundamental technical understanding of key technologies such as Windows, Linux, and Mac, networks, application development, databases, virtualization, and cloud infrastructures.
  • 5-7 years relevant experience, or a BA or BS / MA or MS degree in Computer Science/Engineering, Math, Information Security, Information Systems, Information Assurance, Information Security Management, Intelligence Studies, Data Science, or Cyber Security.

Nice-to-haves

  • Experience supporting an IT compliance program for a publicly traded company.
  • Project management experience in scoping, work break-down, critical path analysis, resourcing, managing time estimates, project risks, and quality.
  • Ability to think strategically about risks and tie those risks to tactical organizational activities.
  • Professional certifications such as: Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC).

Benefits

  • Safe, stable, reliable work environments.
  • Medical, dental, and basic life and disability insurance benefits.
  • 401k retirement plan.
  • Paid time off.
  • Annual bonus eligibility.
  • A minimum of 7 holidays throughout the calendar year.