$150K — $200K *
Our global house-of-brands inspires and empowers youth culture. Relentlessly committed to fuel a shared passion for self-expression, we create unrivaled experiences at the heart of the sport and sneaker communities through the power of our people. If you want to be a part of something bigger than you can imagine, you’ve come to the right place.
Foot Locker, Inc. is seeking a Senior Manager, IT Security Compliance. This is a strategic thought leadership focused role with responsibility for a comprehensive approach to governance and compliance.
Reporting to the Senior Director, IT Security Compliance, this role will be a key member of Foot Locker’s IT Security and Compliance leadership team and will be expected to build strong partnerships across multiple cross-functional stakeholders.
This position is primarily responsible for Foot Locker Inc.’s global IT Sarbanes-Oxley (SOX) Program. The role partners closely with local IT teams, internal and external auditors, and Corporate IT to ensure that required IT SOX and IT General Controls are adequately performed. The individual filling this role will provide guidance to local IT Management for SOX controls and will assist in narrative preparation as well as the review of Management’s testing of IT Controls for all IT sites globally. The position is the central point of contact for the Company’s IT Controls.
IT Governance & Risk Management
Leads, develops, implements, and maintains the IT risk management strategy, processes, and procedures, while actively promoting IT risk awareness across the organization.
Responsible for analysis of IT risk and control assessments across Infrastructure, Application and Data assets, including Information Security, Application Management, Disaster Recovery, emerging technologies, 3rd party security, and IT regulatory compliance.
Maintain up-to-date knowledge and understanding of technology trends, security threats, infrastructure vulnerabilities, and business dependencies on reliable IT that could impact the company’s risk profile.
Assess the Information Security program including organizational design and key processes.
Maintain the register of material IT risks and monitor risk mitigation plans.
Support risk management activities for 3rd party IT risks.
Identify and integrate leading practices into the IT risk management process.
Plan for future-state cyber security GRC by providing direction on development and implementation of governance, risk and compliance processes, tools and metrics.
Annual review and maintenance of the cyber security policy, control objectives and authoritative sources.
Streamline the management and coordination of our GRC program through the leveraging of our GRC platform.
Train and mentor other team members to consistently deliver on the goals and objectives of the cyber security governance program.
Ensure technical and operational security controls are incorporated into new systems and applications through participation in planning, design and implementation reviews of all new systems and significant changes to existing systems.
Responsible for reviewing management’s control documentation/narratives, application inventory, and testing of IT SOX controls for in-scope IT locations globally.
Partner with the IT Internal Audit team and related internal teams to identify controls in-scope for each site required to be included in the IT control testing activities.
Consult with leadership teams to create and maintain scorecards for tracking compliance and measuring risk across regions, markets, and portfolios.
Identify strategic, operational and systemic compliance related issues and effectively negotiate with and influence stakeholders to resolve issues by developing proposals, outlining solutions, and negotiating time commitments and resources.
Responsible for ensuring full PCI compliance and establishing the strategies that will enable us to reduce scope/risk.
Provide leadership and oversight of the Security Awareness Program.
Provide leadership and oversight of the Security Review Board.
Exhibit strong communication, collaboration, and conflict management skills to establish and maintain relationships with business leaders, customers, and 3rd parties.
Stay abreast of emerging trends and best practices within the IT compliance industry; seek and leverage best practices from other non-competing organizations.
Provide strong subject matter expertise and leadership across a matrixed global organization.
This position requires a BA/BS degree in Information Systems or equivalent, and at least 6 years of IT governance, IT audit, risk, compliance-related experience at Big 4/Regional accounting firms.
This position requires a professional certification such as a CISA, CISM, or equivalent.
Prior experience performing IT control testing activities is required.
Retail industry and PCI auditing experience is desired.
Experience with ISO27001/2, NIST, COBIT or similar frameworks is desired.
Must be detail oriented with strong communication, organizational, project management and issue resolution skills.
Must have the ability to lead, mentor, train and develop leaders and technical associates and have excellent relationship management skills across all levels of the organization.
Understanding of IT infrastructure and development processes and associated IT controls required to support a fully functioning and controlled IT environment.
Maintain an understanding of project management methodologies and system development life cycles, including Agile and DevOps methodologies.
Excellent written and verbal communication skills.
Valid through: 4/14/2021