SAS is seeking an IT Governance, Risk and Compliance Manager. They will be responsible for the governance, risk and compliance activities for the company, including:
- Providing leadership and coaching for a team of governance, risk and compliance professionals.
- Using a risk-based approach to manage governance, risk and compliance programs.
- Incorporating security and privacy by design into systems and processes.
- Assuring compliance with security and privacy frameworks, standards and regulations.
- Implementing and managing the appropriate controls, metrics and programs that allow SAS to meet its governance, risk and compliance objectives while minimizing impact on the speed of business.
The IT Governance, Risk and Compliance Manager will maintain a high level of technical expertise in at least one major governance, risk and compliance area and knowledge of its connectivity to other systems and organizations at SAS.
- Leads compliance program/project initiatives, audits and benchmarking of security policies against good practice and standards, including ISO 27001:2013.
- Identifies and recommends cost-effective improvements to security practices.
- Interacts with internal customers to develop requirements and initiate and/or implement solutions to meet these requirements. Maintains interaction with the appropriate function sponsors and/or governance committees.
- Interfaces with the CISO, Global Information Security, legal, HR and other compliance teams to drive consistency for security, privacy and GRC programs across the business.
- Ensures that governance, risk and compliance programs are effective, transparent and easy to work with.
- Researches and stays aware of new governance, risk and compliance frameworks, standards and regulations.
- Keeps management and group members informed.
- Manages administrative aspects of the team including personnel matters. Helps set performance goals/standards/objectives for the team. Performs all management responsibilities for the team including coaching and fostering growth and development. Interviews and selects staff. Responds to other personnel matters.
- Ensures GRC support documentation is developed and maintained completely and on a timely basis.
- Assumes overall responsibility for projects within the governance, risk and compliance area.
- Performs long-range planning of associated governance, risk and compliance programs.
- Coordinates all changes to assigned systems with all other systems of the company and with all personnel affected.
- Works with other managers to coordinate project/goals of the division.
Knowledge, Skills and Abilities
- Strong management and leadership skills
- In-depth knowledge of all aspects of governance, risk and compliance programs including ISO 27001, GDPR, HIPAA/HITRUST, Privacy, NIST 800-53, SOC x, Audit, Policy, Awareness and Training, Risk, Vendor Management and FedRAMP.
- Good working experience with ISO 27001, ISO 27002 and ISO 27005.
- Proven ability to work across all organizational levels of a large enterprise
- The ability to be flexible with others, to display tact and diplomacy, and to maintain a high degree of confidentiality and integrity
- Strong ability to handle multiple projects at the same time
- Good ability to supervise and train employees with varying skill sets in a high-pressure environment
- Good verbal, written, and interpersonal skills
- Ability to solve complex problems
- Travel as business requires or at management discretion
- Bachelor's degree in a quantitative field, preferably in Computer Science, Information Technology, or a related discipline.
- CISSP, CISA, GSNA, or CRISC certification
- ISO 27001:2013 Lead Auditor or Lead Implementer trained
- Eight years of experience in governance, risk and compliance; information security audit and securing IT systems.
- Two years of experience in a leadership role.
- Experience working in an ISO 27001 certified environment
- Equivalent combination of education, training, and relevant experience may be considered in place of the requirements stated above.
To qualify, applicants must be legally authorized to work in the United States, and should not require, now or in the future, sponsorship for employment visa status. SAS is an equal opportunity employer. All qualified applicants are considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, age, national origin, disability status, protected veteran status or any other characteristic protected by law. Read more: Equal Employment Opportunity is the Law. Also view the supplement EEO is the Law, and the notice Pay Transparency.
Equivalent combination of education, training and experience may be considered in place of the above qualifications. The level of this position will be determined based on the applicant's education, skills and experience. Resumes may be considered in the order they are received. SAS employees performing certain job functions may require access to technology or software subject to export or import regulations. To comply with these regulations, SAS may obtain nationality or citizenship information from applicants for employment. SAS collects this information solely for trade law compliance purposes and does not use it to discriminate unfairly in the hiring process.
To apply and for more information, please visit: https://careers-sas.icims.com/jobs/17683/it-governance%2c-risk-%26-compliance-manager/job?mode=apply&apply=yes&in_iframe=1&hashed=-336115570