Information Security Risk & Compliance Manager
Employment Type: Full-Time
The Information Security Risk & Compliance Manager is a critical position within Chobani's Global Information Security team, and has governance, risk, and compliance responsibilities from a technology and security perspective across the organization globally. This position is responsible for building and enhancing the GRC portfolio of efforts to raise the overall security and compliance posture and reduce risk levels for Chobani. This individual will be directly responsible for implementing, maintaining, and improving policies, procedures, and internal controls to assure compliance with applicable regulatory and legal requirements as well as best practices. The Information Security Risk & Compliance Manager will drive risk analysis, design controls, and implement industry best practice processes for teams and technologies across the organization. In addition to driving continuous improvement in this space, the Manager will lead efforts in the areas of information security policy, technology risk management, data protection, software security, and compliance with standards and regulations such as ISO, NIST, CCPA, SOX, and PCI.
The responsibilities of this position include:
* Develop, maintain, and enforce Information Security policies, procedures, and standards
* Implement and maintain procedures and controls to ensure compliance with applicable regulatory, contractual, and legal requirements as well as good business practices
* Bridge gaps between IT controls and business controls, including ITGCs (IT general controls) and automated business controls
* Operationalize various Information Security governance functions, such as enterprise security risk management, compliance management, policy management, third party risk management, software security, and metrics and reporting
* Perform risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments and other requests from the business
* Work closely with business, technology, and compliance counterparts to understand business objectives, initiatives, and ensure alignment with Information Security policies and best practices
* Operationalize a metrics and reporting function that continually reports meaningful Information Security risk and compliance metrics to operational and executive management
* Manage assigned projects and program components to deliver services in accordance with established objectives and requirements in a timely and responsive manner
* Other duties as assigned by management
The requirements of this position include:
* Bachelor's degree in Information Systems, Information Security, or other related discipline
* Minimum of 5 years of experience in Information Security, Technology Risk Management, IT Audit, and/or IT Compliance functions
* Two (or more) years of IT Audit experience with a Big 4 firm is preferred
* Audit and compliance experience with SAP is a must
* Experience working in information security governance, with a broad understanding of a range of enterprise IT architectures (e.g., web applications, databases, operating systems, server infrastructure, mobile devices, and networking technologies)
* Understanding of security functions including: secure change management, secure SDLC, software/application security, identity and access management, supplier security risk management, patch and vulnerability management and security controls testing and validation
* Ability to recommend and manage the implementation of IT controls for compliance with relevant industry regulations and standards (including ISO 27001, NIST, CCPA, PCI, and Sarbanes-Oxley)
* Proven experience in the assessment of internal controls and communicating findings and recommendations to others clearly and accurately in non-technical terms is required
* Experience performing and managing security risk assessments against information security policies, standards, or frameworks
* Ability to translate technical information security risk findings and articulate them in business terms to non-technical stakeholders
* Understanding of international privacy and data protection regulations, such as CCPA and GDPR
* Knowledge of ISO 27001, PCI, NIST, COBIT, and Sarbanes-Oxley
* At least one of the following industry certifications is preferred:
  * Certified Information Systems Auditor (CISA)
  * Certified Information Security Manager (CISM)
  * Certified Information Systems Security Professional (CISSP)
* Superior writing and editing skills with the ability to construct well-founded, clear, and concise analyses and recommendations
* Experience managing complex programs and projects
* Ability to resolve ambiguity and take decisive action
* Willing to travel up to 25%
Since our founding over 10 years ago, we've always been a different kind of company. After moving to New York from his native Turkey, our CEO Hamdi Ulukaya found that in America, yogurt just wasn't as delicious or widely available as it was back home. He thought everyone deserved better options, so he set about making delicious, nutritious, natural, and accessible Greek Yogurt right here in the U.S.
Our mission since day one has been to provide better food to more people. And now as the No. 1-selling Greek Yogurt brand in America that is expanding beyond yogurt, we believe every food maker has a responsibility to provide people with better options, which is why we're so proud of the way our food is made.
Our food philosophy of crafting quality products with simple ingredients is what sets Chobani apart. Our belief that business done right has the ability to change lives and strengthen communities is what sets our company apart. From the way we source our ingredients to how we treat our employees, Chobani strives to make universal wellness happen sooner with everything we do. Certified as a Great Place to Work®, our culture is built on shared passion, dedication, and a commitment to doing what is right. Together, the Chobani family has created something unlike what any company has done before. The possibilities are endless.
Chobani is an equal opportunity employer. Chobani will not discriminate against any applicant for employment on any basis including, but not limited to: race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, military and/or veteran status, marital status, predisposing genetic characteristics and genetic information, or any other classification protected by federal, state and local laws.