The focus of this role is Global IT compliance, risk, and security in the broader sense. Stericycle’s goal is apply global IT industry best practices, enabling Stericycle to instill the business with new insights regarding global data, business risk, compliance, and information security. Stericycle provides and delivers services and hosts direct consumer data to its customers - hence exposure to potential threats is high and adherence with global regulatory mandates is essential. This leadership position ensures the Global IT initiatives and operational elements adhere to and are applicable with regulations of US and international regulatory agencies, that company policies and procedures are being followed, and that behavior in the organization meets the company’s Standards of Conduct. Key Job Activities: From a Global and Enterprise wide perspective – will develop, initiate, oversee, and revise IT related policies and procedures for the general operations and its related activities to prevent illegal, unethical, or improper conduct. Develops and periodically reviews and updates Standards of Conduct to ensure continuing currency and relevance in providing guidance to management and employees. Identifies potential areas of compliance vulnerability and risk; develops/implements corrective action plans for resolution of problematic issues, and provides general guidance on how to avoid or deal with similar situations in the future. Provides reports on a regular basis, and as directed or requested, to keep the Corporate Compliance Committee of the Board and senior management informed of the IT operation and progress of compliance efforts. Institutes and maintains an effective Global compliance communication program for the IT organization, including promoting (a) use of the Compliance reporting; (b) heightened awareness of Standards of Conduct, and (c) understanding of new and existing compliance issues and related regulations, policies, and procedures. Works with the Human Resources Department and others as appropriate to develop an effective compliance training program, including appropriate introductory training for new employees as well as ongoing training for all employees and managers. Monitors the performance of the Global IT Compliance Program and relates activities on a continuing basis, taking appropriate steps to improve its effectiveness. He/she will coordinate training to operations teams and affiliates responsible for compliance and data security initiatives. Will direct IT activities associated with the annual SOX testing and management of internal and external audit findings, through issue closure. Works with the Human Resources Department and others as appropriate to develop an effective compliance training program, including appropriate introductory training for new employees as well as ongoing training for all employees and managers. Will work closely with IT Senior Leadership, internal company audit staff and external auditors to analyze, evaluate, prioritize, and implement necessary technologies or technology related process improvements and modifications. Which may include manual controls and implementation of automation. Will supervise both employees and third party contractors and companies. Must be capable of working within a matrixed environment, interfacing with both internal and external professionals at all levels of management and will serve as a member of the IT Business Operations team and report directly to the VP, IT Business Operations.
Education & Skill Requirements: Education: Bachelor’s degree required or a minimum of 7 years of experience within a IT global organization, including strong demonstrated leadership. Familiar with operational, financial, quality assurance, business and operational risk and regulatory compliance is necessary. At least 5 years of experience working with local, state, federal regulatory mandates (to include knowledge and in-depth experience with SOX, HIPAA, GLBA, PCI, EU Data Protection etc.) Hold at least one industry certification and accreditations such as CISM, CISSP, PCI The Director will possess the type of energy and passion that can motivate a geographically dispersed organi-zation. Additionally, candidates will demonstrate an ability to attract and develop talent, creating a culture of operational excellence and technical discipline (think 80/20), organizational and flexibility and efficiency (act 50/50), and teamwork and accountability (live 90/10) across cultural boundaries. Impeccable oral and written skills