The Kraft Group
Information Security Risk and Compliance Auditor
The Kraft Group, Foxborough, Massachusetts, United States, 02085
Job Details
Job Location: Kraft Group - Foxborough, MA
Position Type: Full Time
Education Level: Bachelor's
Job Shift: Day
Job Category: Technical/Analytics
Description
SUMMARY:
This role will be responsible for building and implementing programs, policies, and practices to ensure that the organization complies with industry and government regulatory requirements. You will liaise closely with internal business units, Legal, HR and other relevant departments to increase security awareness, assess compliance and, where necessary, provide support in remediating non-compliant areas.
DUTIES AND RESPONSIBILITIES
Establish and manage a compliance calendar for training and attestations. Identify and coordinate the delivery of IT security training and awareness for both technical and non-technical audiences.
Document and communicate policies and procedures as they relate to IT security and risk management to all key stakeholders. Establish and maintain a repository of policies and procedures for internal constituents' use.
Leverage organizational risk assessment to develop and refine ongoing processes and deliverables to improve IT security and compliance. Work collaboratively with external partners on ad hoc risk assessments to focus on specific areas of concern and deliverables. Document and archive vendor risk assessment reviews and attestations.
Partner with business unit leadership on standards and regulations, such as PCI DSS, EU GDPR, FDA CFR or new business initiative needs, to ensure compliance and completion of any filings or attestations. Act as an advisor to associates and management on specific security requirements, implementations and the impact on business processes, applications and systems as needed.
Assist in data protection program initiatives.
Communicate identified security risks to appropriate parties to ensure a clear understanding of the risks as well as potential mitigations.
Provide a monthly report on the status of any compliance activities and remediation efforts. Circulate these findings to key stakeholders.
Remain current and a functional expert in security practices and IT security regulatory compliance.
Special projects and assignments as business dictates.
Responsible for the maintenance, creation and control of all personally identifiable information, or any other information protected by any Confidentiality or Privacy Standards or Company Policies, that you have access to or knowledge of, including but not limited to information covered by any state or federal regulations, including HIPAA.
SUPERVISORY RESPONSIBILITIES
This position has no supervisory responsibilities.
SKILLS AND QUALIFICATIONS
Bachelor's degree in an information technology related field, management information systems, or business administration
3 or more years of experience in information security, governance, IT audit, or risk management
Strong understanding of security governance, compliance, and risk management principles
Analytical ability to assess risks, adequacy of controls, and impact upon business processes
Ability to work and learn independently
Strong written and verbal communication skills with all levels of management
Ability to manage multiple tasks concurrently
PHYSICAL DEMANDS
Sitting for extended periods of time
Dexterity of hands and fingers to operate a computer keyboard, mouse, and other computing equipment
The employee frequently is required to talk or hear
The employee is occasionally required to reach with hands and arms
Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and ability to adjust focus
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions
WORK ENVIRONMENT
The noise level in the work environment is usually moderate
Fast paced office environment
On-call availability
CERTIFICATES, LICENSES, REGISTRATIONS
CISA or similar certification
CISSP or CISM certification preferred
COBIT or related IT audit experience preferred
OTHER DUTIES
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
This company is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.
#LI-KG