Compliance is adherence to industry, governmental, corporate and third-party control requirements. This position will work with the Director, IT Risk and Compliance and is responsible for the coordination of projects within the IT Governance, Risk and Compliance Team. This position is expected to implement a risk management framework and to monitor and control assigned IT compliance projects. Working in a team-based setting, s/he will collaborate to ensure business needs are properly translated into comprehensive technical details using a common set of baseline tools and templates. S/he will manage timely project completion by ensuring client information is gathered, project requirements are defined and agreed, specifications are confirmed and aligned, and the transition to operational project readiness is successful.
Key Job Activities:
• Oversees Stericycle's IT risk management program (policies, standards, guidelines and baselines) under the direction of the Director, IT Risk & Compliance. Manages compliance efforts with applicable regulatory and legal requirements.
• Works with business teams across the global organization to develop and execute the IT Risk Compliance and Risk Management program framework, extending processes as necessary to help the business identify information risk and manage mitigation to an acceptable level.
• Identifies and works with respective owners on the mitigation of risk for IT processes that are not compliant with information security and risk frameworks or legal/regulatory requirements.
• Leads members of the Risk and Compliance organization in assessing risk, developing appropriate controls and advising on the creation of action plans to address gaps.
• Works closely with global business, contract and legal teams to assess proposed terms and conditions, align them with the appropriate risk profile and provide feedback on changes needed.
• Identifies trends and early indicators in issues and escalates or reports to management as appropriate.
• Prepares and manages project plans, including work breakdown, obtaining resources, collaboratively resolving escalated issues, and monitoring schedules to achieve timely deliverables on budget.
• Monitors and manages the issues and risk register to ensure risks are accurately represented and actively managed.
• Recognizes opportunities to balance risk and creativity in responding quickly to business opportunities.
• Prepares management reports and assists with project management responsibilities within the IT Risk & Compliance organization. Performs other duties as assigned.
• Education equivalent to a Bachelor's Degree in Information Technology or the equivalent in related experience; an M.B.A. or M.S. in Information Security is preferred.
• Seven to ten years of experience in a fast-paced professional role.
• Experience with risk analysis tools, technologies and policies. Understanding of business impact.
• Data analytics or GRC experience.
• Strong leadership abilities, with the capability to develop and guide IT team members and operations personnel, and work with minimal supervision.
• Experience working with legal, audit and compliance staff.
• Experience developing and maintaining policies, procedures, standards and guidelines.
• Experience with information security management frameworks, such as International Standards Organization (ISO) 2700x, NIST, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
• Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• Project Management or Audit training/certification is an asset.
Preferred Education & Experience:
• CISA (Certified Information Security Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control) or CISSP (Certified Information System Security Professional) certifications are helpful but not required.
• Experience working with the ISO 27001 (or similar) security framework, PCI DSS and CSA CCM standards in an operational IT environment required.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, disability, or any other federal, state or local protected class.