Manager IT Risk and Compliance at Amcor Limited in Remote

Principal Accountabilities

• Manage and own major GRC-focused projects from beginning to end with minimal supervision.
• Provide leadership, guidance, and oversight to ensure the implementation and consistent operation of an information security governance, security risk management and compliance program.
• Overall ownership and maintenance of all Global IT policies including updates and ensuring alignment with industry standards.
• Perform compliance assessments to decide if business systems are aligned with regulatory requirements, industry standards, polices and best practices
• Plan and perform annual IT risk assessments across company departments, business units and operational locations.
• Collaborate with key stakeholders at all levels of the organization to confirm, verify and address audit findings, control deficiencies and remediation plans
• Document, keep, report and articulate audit - related information (i.e., scope, findings, recommendations, corrective action plans, and status) to appropriate leadership
• Coordinate all aspects of regulatory audits (i.e., pre - site deliverables, audits/assessments, on - site visits and planning, written responses to audit reports)
• Participate on Segregation of Duties committee, sit as a member chair as part of the policy working group and provide security guidance and best practices

Job Dimensions

• Is leader of a global team of SAP Security analysts across Europe and America.
• Occasional travel required for global audits and other responsibilities

Major Challenges & Complexities

• Introduce / reinforce standardised work i.e. develop and deploy standard processes, KPIs, governance
• Complex business environment i.e. with regular changes to the scope (Mergers & Acquisitions), different stakeholder goals, global and local approaches
• Distributed team with different skill sets and customer culture / approach
• Multi-tasking and setting priorities i.e. ensuring the priorities are aligned and respected across the BU

Qualifications/Requirements

• Proven leadership experience in similar roles
• Bachelor’s degree in IT or related field required
• 5 - 10 years’ experience in related field
• CISSP, CISA, CISM, or other relevant certifications are a plus but not required
• Knowledge of control frameworks such as ISO 27001, COSO, COBIT and ITIL
• Knowledge of regulatory requirements such as SOX, HIPPAA, FDA CFR Part 11