SUMMARY
This role will be responsible for building and implementing programs, policies and practices to ensure that the organization complies with industry and government regulatory compliance. You will liaise closely with internal business units, Legal, HR and other relevant departments to increase security awareness, assess compliance and where necessary, provide support in remediating non-compliant areas.
 
DUTIES AND RESPONSIBILITIES
Establish and manage a compliance calendar for training and attestations. Identify and coordinate the delivery of IT security training and awareness for both technical and non-technical audiences.
Document and communicate policies and procedures as they relate to IT security and risk management to all key stakeholders. Establish and maintain a repository of policies and procedures for internal constituent's use.
Leverage organizational risk assessment to develop and refine on-going processes and deliverables to improve IT security and compliance. Work collaboratively with external partners on ad hoc risk assessments to focus on specific areas of concern and deliverables. Document and archive vendor risk assessment reviews and attestations.
Partner with the business unit leadership on standards and regulations, such as PCI DSS, EU GDPR, FDA CFR or new business initiative needs to ensure compliance and completion of any filings or attestations. Act as an advisor to associates and management on specific security requirements, implementations and the impact on business processes, applications and systems as needed.
Assist in data protection program initiatives
Communicate identified security risks to appropriate parties to ensure a clear understanding of the risks as well as potential mitigations.
Provide a monthly report on the status of any compliance activities and remediation efforts. Circulate these finding to Key Stakeholders.
Remain current and a functional expert in security practices and IT security regulatory compliance.
Special Projects as needed
 
SUPERVISORY RESPONSIBILITIES
This position has no SUPERVISORY RESPONSIBILITIES.
 
SKILLS AND QUALIFICATIONS
Bachelor's degree in information technology related field, management information systems, or business administration
3 or more years of experience in information security, governance, IT audit, or risk management
Strong understanding of security governance, compliance, and risk management principles
Analytical ability to assess risks, adequacy of controls, and impact upon business processes
Ability to work and learn independently
Strong written and verbal communication skills with all levels of management
Ability to manage multiple tasks concurrently
 
PHYSICAL DEMANDS
Sitting for extended periods of time
Dexterity of hands and fingers to operate a computer keyboard, mouse, and other computing equipment
The employee frequently is required to talk or hear
The employee is occasionally required to reach with hands and arms
Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and ability to adjust focus
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions
 
WORK ENVIRONMENT
The noise level in the WORK ENVIRONMENT is usually moderate
Fast paced office environment
On-call availability
 
CERTIFICATES, LICENSES, REGISTRATIONS
CISA or similar certification
CISSP or CISM certification preferred
CobIT or related IT audit experience preferred
 
OTHER DUTIES
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
 
This company is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.