Manager of Information Security

About The Position

Requirements

• A bachelor’s degree and 5+ years’ experience in a risk, compliance or IT auditor role
• Strong leadership and team development skills, with experience managing cross-functional and global teams.
• Excellent communication skills and a familiarity with common compliance standards (SOX, SOC2, PCI-DSS, GDPR, SEC, etc.)
• Demonstrated knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards
• Strong organizational skills and the ability to multitask and switch priorities with short notice
• Strong business analysis, research and analytical skills
• Excellent communication skills and a strong understanding of information security fundamentals
• Availability to work off business hours as required

Nice To Haves

• Relevant security certifications (CISSP, CISM, or CIPP)
• 3+ years’ experience directly managing personnel, including hiring, developing, motivating, and directing people as they work

Responsibilities

• Lead, manage and support Morningstar’s current and future compliance related responsibilities (SOX, SOC2, PCI)
• Monitor and enforce compliance to information security and compliance policies and standards
• Execute audit tests; identify issues and areas for improvement in efficiency and effectiveness of information technology operations
• Document and manage security / policy / compliance exceptions where necessary
• Manage periodic reviews of security policies, processes and procedures
• Lead and manage the third-party risk management program
• Conduct relevant contract reviews for client security contracts
• Lead and directly manage a team of information security compliance analysts
• Liaise with Morningstar’s third-party audit personnel including internal, external, and client auditors and facilitate audits as required
• Ensure Morningstar processes are efficient and effective, and procedures are up-to-date, relevant, and adhere to compliance standards
• Plan, present and drive the strategic information security compliance program for Morningstar

Benefits

• 100% 401k match up to 6% of salary
• Stock Ownership Potential
• Company provided life insurance - 1x salary + commission
• Comprehensive health benefits (medical/dental/vision) including potential premium discounts and company-provided HSA contributions (up to $500-$2,000 annually) for specific plans and coverages
• Additional medical Wellness Incentives - up to $300-$600 annual
• Company-provided long- and short-term disability insurance
• Trust-Based Time Off
• 6-week Paid Sabbatical Program
• 6-Week Paid Family Caregiving Leave
• Competitive 8-24 Week Paid Parental Leave
• Adoption Assistance
• Leadership Coaching & Formal Mentorship Opportunities
• Annual Flex Stipend - $1000 annually to cover personal education & well-being expenses
• Tuition Reimbursement
• Charitable Matching Gifts program
• Dollars for Doers volunteer program
• Paid volunteering days
• 15+ Employee Resource & Affinity Groups
• Morningstar's hybrid work environment gives you the opportunity to collaborate in-person each week as we've found that we're at our best when we're purposely together on a regular basis.
• In most of our locations, our hybrid work model is four days in-office each week.
• A range of other benefits are also available to enhance flexibility as needs change.
• No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.