IT Risk and Compliance

General Overview

Job Title: Senior Manager, IT Risk and Compliance  
Functional Area: Information Technology (ITM)        
Career Stream: IT Risk & Compliance (ITR)        
Role: Senior Manager (SMG)            
Job Code: SMG-ITM-RISK
Job Band: 11            
Direct/Indirect Indicator: Indirect

Summary

The Senior Manager, IT Risk and Compliance leads IT Security initiatives and projects. Works closely with senior stakeholders to understand the business (security initiatives and compliance) security requirements and risks and work with IT team to implement. They are responsible for ensuring IT projects and initiatives are part of the Security strategy and within the IT roadmap. This role will also have to coordinate with external vendors and internal IT teams to ensure that the cybersecurity requirements are met and exceeded, as well as coordination with customers and government agencies to support assessment and compliance requirements. 

Detailed Description

Performs tasks such as, but not limited to, the following:

• Leads the engagements with stakeholders and IT Security initiatives and projects (including security governance and compliance) ensuring interactive collaboration with the stakeholders IT Security team.

• Ensures and manages governance and maintenance of compliance roadmap.

• Participate in compliance projects around IT and National Institute of Standards and Technology NIST CSF. Overall ongoing governance and compliance for specific sites relative to market. Develops and enhances the information security management framework based on the NIST CSF standard (IT and National Institute of Standards and Technology) and SOX requirements. Responds to customer and government enquiries as to NIST CSF and SOX compliance, specifically by completing security questionnaires in conjunction with site IT as appropriate..

• Responds to various IT audits when required around IT Security projects and compliance initiatives with the whether external or internal.

• Evaluates general and specific training needs; delivers training to support the control environment and associated control framework; communicates governance and compliance objectives, fosters a compliant and risk aware culture.

• Oversee the deployment and maintenance of IT Security solutions and compliance.

• Establishes and maintains effective relationships with process owners/sites to proactively assess business risks and develop risk mitigation.

Knowledge/Skills/Competencies

• IT Security Best Practices

• IT Governance and Audit Procedures

• Knowledge of common information security frameworks and IT controls frameworks, such as ISO/IEC 27001, ITIL, COBIT/COSO and ones from NIST.

• Knowledge and understanding of relevant legal and regulatory requirements, such as NIST CSF, SOX compliance, IT security controls and governance

• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences. 

• Leadership skills, ability to motivate people

• Organized and able to meet deadlines

• CMMC guidelines and requirements

• Must have strong knowledge of Access Management, DLP solution, SIEM technology and Auditing and Log monitoring (tools, processes, techniques)

Physical Demands

• Duties of this position are performed in a normal office environment.

• Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.

Typical Experience

• 15 to 18 years of relevant experience.

Typical Education

• Bachelors Degree or consideration of an equivalent combination of education and experience.  CISSP, CISA certification(s) a plus

• Educational requirements may vary by geography.

Notes

This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.