Risk & Compliance is adherence to industry, governmental, corporate and third-party control requirements and the assessment of risk factors within the IT environment. This position will work with the Director, IT Risk & Compliance to align with requirements and ensure compliance with industry-accepted standards. This role will also maintain internal controls, identify technical compliance gaps and assist Stericycle teams in building remedial actions to address enterprise compliance gaps.
Key Position Activities:
Establish and oversee a formal risk analysis and self-assessment program for various IT systems and processes.
Receive and manage compliance issues through investigation, consultation with the appropriate owners, and a resolution or mitigation strategy.
Promote and monitor our corporate-wide IT risk awareness program. Coach, lead, develop and train team members and external partners as necessary.
Help ensure compliance with HIPAA, PCI, HITRUST, SOX, SOC, etc. for Stericycle Business Units. Work with business units to ensure data and applications are properly classified. Work with Internal Audit, General Counsel and Business Units to remediate new and outstanding issues.
Create / onboard a GRC system (ServiceNow). Track related issues in the electronic GRC system. Create / run ad hoc reports, metrics and the issue log.
Escalate issues and/or reporting to audit and compliance stakeholders for internal or external audit actions. Coordinate resolution of audit action points and remediation.
Education equivalent to Bachelor’s Degree in Information Technology or the equivalent in related experience; an M.B.A. or M.S. in Information Security is preferred.
Three or more years of experience in a fast-paced IT professional role.
Completion of courses in Audit and/or IT Audit is a plus.
Experience with risk analysis tools, technologies and policies, and an understanding of business impact.
Strong leadership abilities, with the capability to develop and guide IT team members and operations personnel, and work with minimal supervision.
Experience working with legal, audit and compliance staff.
Experience developing and maintaining policies, procedures, standards and guidelines.
Experience with information security management frameworks, such as International Standards Organization (ISO) 2700x, NIST, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
Project Management or Audit training / certification is an asset.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, basis of disability or any other federal, state or local protected class.