
Director, IT Risk & Compliance

  • Symantec
  • $97,696.67 - 171,230.00 / Year *
  • 1701 Kimmel Rd
  • Bentonville, AR 72712
  • Full-Time



Job Description:
The IT Risk and Compliance Director will be responsible for providing strategic guidance and a roadmap for risk and compliance management and operations in IT. This position will report to the VP of IT Strategy, Planning, and Business Operations, as part of the IT Leadership Team.
The Director will create, implement, and improve IT risk and compliance management processes, specifically for risk identification, analysis, evaluation, education, integration and alignment across the company. The leader will be responsible for creating and enhancing the overall regulatory and risk assessment methodology, framework, and processes in IT. This leader will require the subject matter expertise to manage IT obligations and assessments of risk and compliance and related disciplines.
This role will need to build strong relationships with Symantec business partners, including internal audit, the Global Risk and Compliance (GRC) organization, and the other compliance and risk stakeholders within Symantec. The candidate will need to be effectively positioned to understand, articulate, and influence the IT Risk and Compliance (ITRC) strategy, plans, results, issues and outcomes. This leader will frequently communicate with C-Level executives to represent and discuss the IT risk and compliance position. The director will also lead efforts to govern, communicate, and educate IT staff on adherence to risk and compliance policies, standards, processes, and procedures.
This leader will work in an extremely complex, fast-paced matrixed environment, with tight deliverable timeframes and multiple stakeholders both internal and external to IT.
This position is expected to act independently and demonstrate strong initiative. This leader needs to influence outcomes, minimize and address conflicts and demonstrate in-depth understanding of risk management activities and the business risk and control environments. The role requires a sense of urgency, passion for results, and personal accountability for achievement.
The individual must possess expertise in process, technology, and business acumen along with strategic and innovative thinking and an unwavering focus on security and the customers. Their strong leadership and relationship skills, resilience and ability to effectively communicate will be key in driving results the right way.
Responsibilities:
* Define ownership, accountability, oversight, and roadmap of the ITRC service
* Define ITRC operating model and roles and responsibilities
* Develop and provide Operation / C-Level / Board of Directors risk and compliance reporting (metrics, KPIs)
* Manage alignment and working relationship with stakeholders, partners, and other corporate groups
* Manage and develop risk assessment lifecycle
* Assess and improve effectiveness of current risk management process and risk register
* Assess and analyze potential security impacts and current controls
* Prioritize and rectify risks
* Understand the current state, and recommend and implement new policies and procedures or improve existing ones, such as:
+ User access management including provisioning, termination and access reviews
+ Threat and Vulnerability Management
+ Crisis Management
+ Escalation Management
+ Privacy, GDPR and other relevant standards
* Process and Operation Controls that include:
+ Gap assessments and improvement in data protection and monitoring policies / procedures
+ Compliance Monitoring and Reporting of audit activities
+ Information and data protection activities
+ Project delivery and change management risks
+ IT Asset Lifecycle management
+ Third party risk management
+ Computer operation and maintenance
* Automation support and alignment with Global Security Office efforts
* Identify education requirements, conduct training, and implement communication plan for IT staff, managers, partners, and stakeholders.
Qualifications
* Bachelor's degree (Master preferred) in Business, Sciences, Information Technology or equivalent
* 10 years of experience in business and operations in the tech industry
* 7+ years of experience in risk and compliance disciplines: audits, regulatory compliance, risk management, program management and change management in security and governance
* Experience building and managing a team consisting of global company resources and consultants/contractors in different time zones
* Certification in and knowledge of CISSP/CISM/CISA, COBIT, ISO 31000
* Detailed knowledge and working experience deploying compliant processes and standards such as SOX, SOC2, PCI, GDPR, ISO, etc.
* Experience in identification and remediation of security threats and risks
* Detailed knowledge of how operational controls are implemented to meet compliance needs
* Skilled at preparing and presenting compliance and risk reporting at all levels of the company, from operational efforts through Executive level presentation
* Strong communication skills, interpersonal skills, and presentation skills that allow effective interactions/communications with executives, business partners across regional and/or functional lines including the cascade of knowledge to the operating level.
* Strong analytical and problem-solving skills, with demonstrated intellectual and analytical rigor
Desired Qualifications
* Familiar with enterprise infrastructure designs and concepts including Authentication, Logging, Interconnectivity, Internet and application proxy, cloud computing, hosting, SaaS, application code security, Virtual computing, Database administration, Data storage, Data backup, Encryption, Middleware, Firewall policy, Network architecture, etc.
* Consulting experience
* Experience in Lean or Six Sigma process improvement
* Experience in ITIL or Service Management framework
Symantec is an equal opportunity employer. All candidates for employment will be considered without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, physical or mental disability, veteran status, or any other basis protected by applicable federal, state or local law.





* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.