Associate Manager, Compliance - Legal
S.C. Johnson & Son is establishing a GIS Governance function reporting to the Legal department. The GIS Governance function will provide the enterprise oversight for high risk activities and input into security priorities for the Global Information Security (GIS) department based on risk.
The Compliance position is responsible for ensuring that compliance operations activities are performed in accordance with customer and company standards and specifications. The Compliance position is responsible for risk management, governance and compliance activities. The Compliance position will work directly with the GIS, Legal and other appropriate organization stakeholders to understand security risk issues, oversee risk assessment and mitigation efforts, and develop effective policies, standards, procedures and guidelines to establish and administer ongoing activities to achieve compliance.
Duties and responsibilities
• Identify and prioritize GIS reviews for regulatory requirements (e.g. HIPAA, PCI, Privacy, and GDPR) with regulatory and corporate policies.
• Revise compliance policies and procedures based on forensic compliance testing results
• Partner with GIS to develop, document and establish formal security policies, standards, procedures and guidelines to meet the requirements of the organization
• Identify and evaluate vulnerabilities, risks and problems/issues, facilitate and develop solutions with owners, and facilitate implementation of time-bound remediation efforts
• Participate in security awareness activities to develop messaging and attend meetings.
• Maintain knowledge of new vulnerabilities, risks and tools/techniques to remediate them
• Track and report on status of remediation efforts and conduct compliance audits
• 3+ years of experience in Compliance and an Information Security related field.
• Understand information security best practices, including principles, security protocols, standards (ISO 27000, NIST, etc.) and technology.
• Ability to read and interpret the results of audit reports and security assessments, associated compensating controls, residual risk, etc.
• Ability to gather data and synthesize information, perform analysis, and demonstrate how the results may impact the organization.
• Excellent communication skills including verbal, written and presentation skills
• Ability to work in a collaborative manner with GIS and organization stakeholders to achieve results
• Possess and exercise a strong sense of ethics and confidentiality.
• Highly organized and able to manage work effectively with shifting priorities
• Undergraduate degree in Computing Science, Information Management or MIS.
• Certification in the Information Security area (e.g. CISSP, CRISC, CISM, etc.) preferred.
• Experience with one of the Big Four consulting houses preferred.
S.C. Johnson & Son, Inc. is an equal employment opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, status as a qualified individual with a disability, marital status, pregnancy, sexual orientation, ancestry, genetic information, or any other characteristic protected by law.