The focus of this role is to develop, implement, and evolve the IT compliance (SOX, HIPAA, GDPR, PCI, etc.), risk, and security program across Stericycle globally. This role will apply global IT industry best practices, enabling Stericycle to instill the business with new insights regarding global data, business risk, compliance, and information security. This position will lead and oversee teams responsible for IT Compliance, security risk management, SOX, GDPR, PCI, HIPAA, and Security Program Management as well as define and drive the strategy for governance, risk management and compliance programs.
Key Job Activities:
1) From a global and enterprise-wide perspective, develop, implement, oversee, and revise IT-related policies and procedures for the general operations and its related activities to prevent illegal, unethical, or improper conduct.
2) Oversee the IT team that maintains and updates all IT controls, standard procedures, policies and enforcement of processes to enable compliance with regulatory requirements.
3) Identifies potential areas of compliance vulnerability and risk; develops/implements corrective action plans for resolution of problematic issues, and provides general guidance on how to avoid or deal with similar situations in the future.
4) Provides reports on a regular basis, and as directed or requested, to keep the Corporate Compliance Committee of the Board and senior management informed of the IT operation and progress of compliance efforts.
5) Institutes and maintains an effective Global compliance communication program for the IT organization, including promoting (a) use of the Compliance reporting; (b) heightened awareness of Standards of Conduct, and (c) understanding of new and existing compliance issues and related regulations, policies, and procedures.
6) Oversee periodic information risk assessments and audits to ensure that information systems are adequately protected to meet all appropriate requirements.
7) Monitors the performance of the Global IT Compliance Program and related activities on a continuing basis, taking appropriate steps to improve its effectiveness.
8) Oversee the coordination of training the operations teams and affiliates responsible for compliance and data security initiatives.
9) Direct IT activities associated with the annual SOX testing and management of internal and external audit findings, through issue closure.
10) Oversee the team that manages internal controls program test results and work with IT Management to prepare management responses to all findings; and work closely with IT Senior Leadership, internal company audit staff and external auditors to analyze, evaluate, prioritize, and implement necessary technologies or technology-related process improvements and modifications, which may include manual controls and implementation of automation.
11) Direct third-party contractors and ensure that the policies and procedures established by the company are adhered to.
Education: Bachelor’s degree required or a minimum of 15 years of experience within a global IT organization, including strong demonstrated leadership. Familiarity with operational, financial, quality assurance, business and operational risk and regulatory compliance is necessary.
At least 8 years of experience working with local, state, federal regulatory mandates (to include knowledge and in-depth experience with SOX, HIPAA, GLBA, PCI, EU Data Protection etc.)
Hold at least one industry certification and accreditations such as CISM, CISSP, PCI
The Vice President will possess the type of energy and passion that can motivate a geographically dispersed organization. Additionally, candidates will demonstrate an ability to attract and develop talent, creating a culture of operational excellence and technical discipline (think 80/20), organizational flexibility and efficiency (act 50/50), and teamwork and accountability (live 90/10) across cultural boundaries. Impeccable oral and written skills.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.