Job Details Job Location Kraft Group - Foxborough, MA
Position Type Full Time
Education Level Bachelor's
Job Shift Day
Job Category Technical/Analytics
Description SUMMARY: This role will be responsible for building and implementing programs, policies, and practices to ensure that the organization complies with industry and government regulatory compliance. You will liaise closely with internal business units, Legal, HR and other relevant departments to increase security awareness, assess compliance and where necessary, provide support in remediating non-compliant areas.
DUTIES AND RESPONSIBILITIES - Establish and manage a compliance calendar for training and attestations. Identify and coordinate the delivery of IT security training and awareness for both technical and non-technical audiences.
- Document and communicate policies and procedures as they relate to IT security and risk management to all key stakeholders. Establish and maintain a repository of policies and procedures for internal constituent's use.
- Leverage organizational risk assessment to develop and refine on-going processes and deliverables to improve IT security and compliance. Work collaboratively with external partners on ad hoc risk assessments to focus on specific areas of concern and deliverables. Document and archive vendor risk assessment reviews and attestations.
- Partner with the business unit leadership on standards and regulations, such as PCI DSS, EU GDPR, FDA CFR or new business initiative needs to ensure compliance and completion of any filings or attestations. Act as an advisor to associates and management on specific security requirements, implementations and the impact on business processes, applications and systems as needed.
- Assist in data protection program initiatives
- Communicate identified security risks to appropriate parties to ensure a clear understanding of the risks as well as potential mitigations.
- Provide a monthly report on the status of any compliance activities and remediation efforts. Circulate these finding to Key Stakeholders.
- Remain current and a functional expert in security practices and IT security regulatory compliance.
- Special projects and assignments as business dictates.
- Responsible for the maintenance, creation and control of all personally identifiable information or any other information protected by any Confidentiality or Privacy Standards or Company Policies that you have access or knowledge of, including but not limited to any state or federal regulations including HIPAA.
SUPERVISORY RESPONSIBILITIES - This position has no supervisory responsibilities.
SKILLS AND QUALIFICATIONS - Bachelor's degree in information technology related field, management information systems, or business administration
- 3 or more years of experience in information security, governance, IT audit, or risk management
- Strong understanding of security governance, compliance, and risk management principles
- Analytical ability to assess risks, adequacy of controls, and impact upon business processes
- Ability to work and learn independently
- Strong written and verbal communication skills with all levels of management
- Ability to manage multiple tasks concurrently
PHYSICAL DEMANDS - Sitting for extended periods of time
- Dexterity of hands and fingers to operate a computer keyboard, mouse, and other computing equipment
- The employee frequently is required to talk or hear
- The employee is occasionally required to reach with hands and arms
- Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and ability to adjust focus
- Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions
WORK ENVIRONMENT - The noise level in the work environment is usually moderate
- Fast paced office environment
- On-call availability
CERTIFICATES, LICENSES, REGISTRATIONS - CISA or similar certification
- CISSP or CISM certification preferred
- CobIT or related IT audit experience preferred
OTHER DUTIES Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
This company is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.
#LI-KG