Manager, IT Risk & Compliance in Canton, MA

View All Food & Beverages jobs


Food & Beverages   •  

Less than 5 years

Posted 7 weeks ago

Purpose of Position-

This position develops and oversees all IT Compliance related programs and processes in order to ensure that risks are minimized and regulatory requirements are met. In addition, this position is responsible for the development and oversight of the IT risk governance framework including managing the Dunkin Brands IT Security and Privacy policy and program as well as ensuring the right controls are in place for protecting data (paper and electronic). Working closely with business units and IT departments, the Manager of ERM – IT Risk & Compliance ensures that all workflow and business processes meet or exceed regulatory and contractual compliance expectations while supporting delivery requirements. The individual will also work to identify and proactively address risks and opportunities to protect the Dunkin Brands environment, its customers and our brand reputation.

What You'll Be Working On-

  • Oversee and provide leadership for the development, implementation and validation of compliance for all critical IT regulatory areas including, but not limited to, Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standards (PCI-DSS) and global data privacy regulations
  • Demonstrate organizational leadership and commitment by meeting commitments, communicating effectively and establishing good rapport with colleagues
  • Oversee corporate information security risk assessments, including penetration tests; security awareness training, social engineering testing, while working with the business to address identified security risks
  • Manage the third-party vendor on-boarding process by evaluating the security of prospective partners
  • Review third-party audits and security assessments including annual PCI assessment, SOC 1 & 2 reports, vulnerability assessments; coordinate responses to reports and assessments as appropriate
  • Oversee the effectiveness of both the tools and vendor partnerships required to execute a successful IT compliance program
  • Oversee remediation efforts for IT compliance exceptions with appropriate expertise, discretion and professionalism
  • Provide education and subject-matter expertise to franchisees and DBI field team members in the areas of PCI compliance and store-level data breach processes
  • Perform risk evaluation, treatment and reporting with respect to IT risk across the organization
  • Establish context and an understanding of the current conditions in which the organization operates on an internal, external and risk management perspective
  • Provide IT Information Security program governance with respect to the protection of data through Dunkin' Brands Information Security and Privacy Policy and Standards
  • Manage the annual Information Security and Privacy Policy review, update and approval process, as well as keep up with Industry Best Practice and develop new policies as needed
  • Ensure that Dunkin' Brands Information Security and Privacy program is defined and elements are included to ensure the preservation of confidentiality, integrity and availability of information

What You'll Need-

  • Bachelor's degree with concentration in IT or business required
  • Minimum of 3-5 years of information security, IT audit and/or IT Risk Management experience
  • CISM, CISA, or PCI certification a plus
  • Detailed knowledge of relevant applications and technical platforms.
  • Project Management certificate or proven experience using standard project management methodology a plus
  • Experience auditing financial systems and processes, preferably in a restaurant or retail environment
  • Excellent partnering skills are required
  • Supervisory experience preferred