Director – Governance Risk and Compliance in Louisville, KY

$200K - $250K (Ladders Estimates)

Yum! Brands

Louisville, KY 40245

Industry: Hospitality & Recreation


11 - 15 years

Posted 60 days ago

This job is no longer available.

Job Description

Position Purpose

The Governance Risk and Compliance (GRC) Director will develop and leverage a broad base of IT Risk Management, IT Security, IT Compliance, and Information Governance policies, standards and frameworks to address strategic business risks, issues, and questions impacting underlying IT systems/platforms, business data/information and related business processes. The position must understand the high-level strategy and direction of global initiatives stemming out of groups such as IT, IT Security, Digital, Marketing, Operations, Supply Chain, Finance, Human Resources, Legal/Privacy/Compliance, and Internal Audit. The Director of GRC, reporting to the Global CISO, will work in close collaboration with peer groups across the organization and ultimately provide senior leadership a risk-based view on how information security and data risks are managed and mitigated throughout the organization.

Core Accountabilities

This individual must possess strong leadership skills in the areas of: (1) Leading through influence, (2) Relationship building, (3) Strategy development and execution, (4) Strong people management, and (5) Development of IT Risk Management, IT Security, IT Compliance, and Information Governance capabilities across the organization. This individual should be adept at quickly building trust-based relationships and be seen by key business customers and peers as a partner. This role will leverage these relationships to help design, develop and promulgate practical and consumable IT Risk Management, IT Security, IT Compliance, and Information Governance solutions and services to support the wider enterprise.

Detailed Accountabilities

Key responsibilities include:

  • Anticipate, assess and mitigate operational, third party vendor, and compliance risks from current and changing business practices, systems, policies, procedures, regulations, and laws
  • Research, define and articulate key elements of effective IT risk management, IT compliance, and information governance programs
  • Develop and manage a team of IT risk management, IT compliance and information governance practitioners capable of executing IT risk assessments and regulatory and compliance reviews
  • Represent the organization to senior leadership through briefings and executive level reports (e.g., Board, Compliance, Audit, Risk Committees), planning sessions and other personal interactions
  • Support and actively advise project teams to address risks, questions and issues and help interpret and outline effective IT risk management, IT compliance and information governance practices in coordination with IT Security, Legal and Internal Audit peers
  • Lead a team to execute fit/gap assessments on current standards and policies to identify opportunities for policy refinement and enhancements
  • Refine existing and develop new policies and standards outlining critical IT security and IT risk management practices (e.g., technical security controls, data security, data privacy, etc.)
  • Outline, define, and train roles and responsibilities on how to support and maintain effective IT risk management, IT compliance and information governance practices in the wider organization
  • Coach peers and leaders to become more aware of the IT risk management discipline and to share best practices with stakeholders on new and existing initiatives and programs

Minimum Requirements

Screening Characteristics

  • BS in Business Management, Information Systems, Computer Science, or other technical degree
  • 10+ years of experience with specific leadership experience in IT risk management, IT compliance, information governance and other operational risk capabilities
  • Experience in:
      • Managing and developing highly capable global teams, including internal and external resources
      • Performing, managing, and delivering IT operational, third party, and compliance risk assessments
      • Identifying appropriate risk mitigations, compiling risk reporting, and managing risk escalation procedures
      • Leading IT risk management, security and compliance frameworks, and information governance models
  • Strong ability to assess urgency and prioritization and make risk-based decisions based upon situational circumstances
  • Familiarity with complex multi-national companies and distributed business models
  • Deep process and data control experience with core business functions such as operations (sales, KPIs), finance (revenue), supply chain (suppliers, recipes), marketing (customer, social), human resources (employee), and information technology (ERP, POS, ecommerce, Cloud, etc.)
  • Understanding of complex, digital commerce, customer facing, POS, BOH, and financial system risks
  • Advanced skills and understanding of technologies and the underlying process surrounding data and information control
  • Proficient in technical writing and creation of policies, standards, procedures and guidelines and the ability to convey complex concepts to non-technical stakeholders
  • Ability to manage a budget and global resourcing plan

Successful Characteristics

  • Positive attitude under pressure
  • Track record of delivering against deadlines
  • Extremely proficient in evaluating urgency and dealing with multiple high priority issues simultaneously
  • Process focused with the ability to think through solutions from concept, to engineering, to implementation, to support
  • Excel in collaborative, cross functional, and multi-cultural environments
  • Innovative thinking with an openness to accepting new ideas or thinking from others
  • Willingness to lead others with or without formalized reporting lines and directives
  • Project a positive and approachable attitude to those around you
  • Display and illustrate a high degree of thoroughness and dependability with strong ability to follow through to conclusions

Technical skills / experiences

  • Experience and willingness to manage and function in a 24x7x365 team and work non-regular hours
  • Deep experience in common enterprise platforms and databases, including highly complex digital commerce platforms
  • Deep experience in core business, data and IT processes
  • Expresses high learning ability and interest in current and emerging technologies


Company Summary

Yum! Brands, Inc., based in Louisville, Kentucky, has over 48,000 restaurants in more than 145 countries and territories primarily operating the company's restaurant brands – KFC, Pizza Hut and Taco Bell – global leaders of the chicken, pizza and Mexican-style food categories. Worldwide, the Yum! Brands system opens over eight new restaurants per day on average, making it a leader in global retail development. In 2018, Yum! Brands was named to the Dow Jones Sustainability North America Index and ranked among the top 100 Best Corporate Citizens by Corporate Responsibility Magazine. In 2019, Yum! Brands was named to the Bloomberg Gender-Equality Index for the second consecutive year.

Valid Through: 2019-9-13