Responsibilities

  • Conduct internal IT, Cybersecurity, and third-party information security risk management activities for various information services systems and processes including IT SOX and GxP compliance
  • Implement controls to build and enhance the GRC program
  • Monitor, remediate, and report controls gaps in the IT and Cybersecurity program areas
  • Provide management-level status updates and risk profile dashboards including current and desired future state of control maturity
  • Collaborate with IT and business stakeholders to understand risks to critical infrastructure by defining potential business impacts
  • Assess, report and mature the compliance posture for internal policies and guidelines as well as regulatory requirements based on frameworks including ISO, NIST CSF, GDPR, other EU oriented data security & privacy laws and regulations
  • Maintain, improve, and enforce security policies and IT security standards along with security exception processes
  • Effectively engage IT, stakeholders, business partners, and vendors to maintain an understanding of current risks, new systems, and changes to the environment
  • Support efforts including but not limited to: Policy Management, IT Compliance Management, Training and Awareness Management, SDLC, IT Risk Management and Vendor Security Risk Management
  • Support regulatory compliance audits relating to SOX and GxP

Qualifications

  • 3+ years experience of GRC implementation, processes, and practices
  • Experience working with and implementing GRC tools and processes
  • Experience building and developing successful risk management programs
  • Experience with vendor management and conducting third-party risk assessments
  • Experience creating and maintaining security policy, standard, guideline and procedure documents
  • Knowledge and experience in security and compliance frameworks such as NIST, ISO

Preferred:
  • Experience leading regulatory compliance, such as GxP, SOX
  • Experience in facilitating and performing third-party vendor risk assessments with the ability to provide guidance on secure design and operation
  • Experience in OneTrust, cloud security and compliance, encryption, access controls, intrusion detection and prevention, disaster recovery, network security, security operations, and security architecture
  • Experience working in a global enterprise environment
  • Relevant and current industry certification(s): CRISC, CISSP, CISM, CISA