Claire's

Governance, Risk & Compliance Manager

Claire's, Hoffman Estates, Illinois, US, 60179


The GRC Manager is responsible for developing, implementing, and maintaining comprehensive governance, risk management, and compliance programs. The position will work closely with stakeholders and vendors to ensure alignment with industry regulations, best practices, and organizational objectives.

Main Responsibilities

- Lead and manage Claire's Governance, Risk, & Compliance program
- Develop and maintain information security policies, standards, and procedures aligned with industry best practices, collaborating with stakeholders as needed to do so
- Conduct and participate in risk assessments, working proactively with vendors and stakeholders to collect any necessary data
- Collaborate with stakeholders to develop and implement risk mitigation strategies and manage compliance initiatives
- Identify and manage appropriate controls, policies, procedures, compliance metrics, monitoring, reinforcement, and enforcement activities
- Create and deliver GRC updates to senior leaders, including reports concerning compliance failures, breaches, or incidents
- Ensure security controls are operating effectively by maintaining control documentation, performing periodic reviews, and coordinating with responsible parties to maintain compliance
- Ensure that the organization achieves a sufficient level of compliance with relevant information security and privacy-related obligations imposed by laws, regulations, standards, contracts, policies, etc.
- Conduct regular internal audits and reviews to ensure that compliance procedures are followed
- Ensure employees are thoroughly updated about the organization's policies, regulations, and processes, developing and delivering programs to do so
- Maintain awareness of regulatory developments and industry trends
- Work with internal stakeholders to document and ensure best practices for BCDR and identity and access management

Qualifications

- BS in Information Systems preferred, but appropriate experience is acceptable
- Excellent communication skills, with demonstrated ability to work with multiple organizational functions and levels
- Understanding of the NIST framework and how it applies
- PCI assessment experience
- Excellent writing skills
- Certifications a plus: CISSP, CISA, or equivalent experience
- 5-7 years of experience in the risk assessment or auditing of complex IT systems
- 3-5 years of experience in Program Management, Governance, or Compliance Management
- High-level understanding of securing hybrid platforms
- Solid understanding of IT concepts and operations
- Knowledge of third-party auditing and cloud risk assessment
- Risk assessment methodologies and best practices
- Risk treatment and remediation
- Experience working with and interacting with 3rd-party auditors
- Working knowledge of information security best practices, audit frameworks, and possibly privacy laws (e.g., familiarity with ISO 27000 series, SANS, NIST, OWASP Top 10, COBIT, CIS Top 20, PCI, CCPA, etc.)
- Fundamental knowledge of GRC rules and regulations
- Bonus if you are familiar with conducting BIAs

Claire's is an equal opportunity employer committed to diversity, equity and inclusion and we encourage applications from members of all underrepresented groups, including those with disabilities. We will accommodate applicants' needs, upon request, throughout all stages of the recruitment process. Please inform us of the accommodation(s) that you may require.