Associate Manager, Compliance - Information Security
The role of the Associate Manager of Information Security Compliance is to assess and oversee all technology-related compliance issues across the organization, including information security, privacy, business continuity, identity management, user access and data integrity. This includes providing objective risk assessments of the company's compliance with regulatory, organizational and commercial requirements governing the organization's information technology systems.
This individual will also assess implementation of procedures and controls to ensure that the organization's practices remain compliant with all pertinent local and federal laws and industry standards. In this role, the Associate Manager of Information Security Compliance will work directly with non-IT compliance professionals, such as Legal and Audit, to ensure organizational alignment.
• Determine and maintain an inventory of all regulatory, commercial and organizational technology compliance requirements.
• Develop and perform IT compliance control monitoring through metrics to ensure IT compliance-related risks are managed to the appropriate level of acceptable residual risk.
• Report the levels of IT compliance risk and control effectiveness to key stakeholders such as IT-business unit management, senior management, legal management, internal/external auditors, and so on.
• Assist with the IT compliance training and awareness program that periodically educates the requisite end-user community on the relevant IT compliance requirements, and certifies their adherence to the relevant IT compliance controls.
• Ensure all related IT compliance policies are updated, based on any relevant regulatory changes or new laws.
• Conduct necessary IT compliance control monitoring and testing activities to determine the effectiveness of the controls.
• Monitor remediation effort of IT compliance control deficiencies and report to key stakeholders.
• Monitor third-party adherence to IT compliance requirements and address any and all instances of noncompliance.
• Identify any gaps between the desired levels of compliance and monitor the current level of maturity.
• Oversee the monitoring and periodic testing of IT compliance controls to ensure ongoing adherence with a given standard or framework.
• Identify and resolve any issue of noncompliance with a related standard or framework.
• Be an advocate to the Business relative to meeting compliance objectives.
• 5+ years of experience in a Cyber Security Compliance related field
• Undergraduate degree in the field of computer science or cyber security required
• Identify, analyze, and develop trends or patterns in data sets
• Must have working knowledge of standards such as ISO 27000, NIST, ITIL, PCI, HIPAA
• GRC tool experience required
• Industry-related compliance or information security certification such as a CISA or CISSP is required
• Big 4 consulting experience preferred
• Ability to establish credibility and working relationships with a wide range of corporate personnel, including operations, management, executive and legal staff as well as external personnel, including auditors
• Ability to set and manage priorities judiciously
• Ability to present ideas in business-friendly and user-friendly language
• Exceptionally self-motivated, directed and detail-oriented
• Superior analytical, evaluative and problem-solving abilities
• Ability to motivate in a team-oriented, collaborative environment
• Ability to work well under minimal supervision
• Knowledge of information security principles
S.C. Johnson & Son, Inc. is an equal employment opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, status as a qualified individual with a disability, marital status, pregnancy, sexual orientation, ancestry, genetic information, or any other characteristic protected by law.