
Senior Manager, Technology Risk & Compliance
Chobani
full-time
Location Type: Office
Location: New York City • New York • United States
Salary
💰 $147,000 - $221,000 per year
About the role
- Maintains Chobani Information Security policies, procedures, and standards and regularly evaluates compliance with them, with an emphasis on continuous improvement
- Leads the management of and enhancements to Chobani’s suite of GRC tools, including: SAP GRC Access Control and Process Control, OneTrust, and Workiva
- Responsible for implementing and maintaining internal controls to ensure compliance with applicable regulatory, contractual, and legal requirements as well as good business practices
- Accountable for bridging gaps between IT controls and business controls, including designing, implementing, and maintaining IT general controls (ITGCs) and automated business controls
- Operationalizes various cyber security governance functions, such as enterprise security risk management, compliance management, and policy management
- Collaborates with business and technology counterparts to understand business objectives and initiatives and to ensure alignment with cyber security policies and best practices
- Develops and maintains meaningful cyber security risk and compliance metrics and provides periodic updates to management
- Acts as liaison between technology team and internal/external audit partners
- Leads ongoing technology risk assessment programs and processes, and tracks mitigation efforts
- Manages and facilitates assigned projects and program components to deliver services in accordance with established objectives and requirements in a timely and responsive manner
- Other duties as assigned by management
Requirements
- Bachelor’s degree in Information Systems, Information Security, or other related discipline
- Minimum of 8 years of experience in Information Security, Technology Risk Management, IT Audit, or IT Compliance functions
- Three (or more) years of IT Audit experience with a Big 4 firm is preferred
- Risk and compliance experience with SAP S/4 HANA is a must
- Candidates should have a foundational understanding of basic security role/authorization concepts in SAP, and be able to explain security design to business leaders in a non-technical manner
- Understanding and ability to maintain configurations within SAP GRC Access Control (including access request management, user access review, and segregation of duties workflows) and Process Control (including continuous control monitoring & manual control performance functionality)
- Experience working in information security governance, with a broad understanding of a range of enterprise IT architectures (e.g., web applications, databases, operating systems, server infrastructure, mobile devices, and networking technologies)
- Understanding of security functions including: secure change management, secure SDLC, software/application security, identity and access management, supplier security risk management, patch and vulnerability management and security controls testing and validation
- Ability to manage and continuously improve IT controls for compliance with relevant industry regulations and standards (including ISO 27001, NIST, CCPA, PCI, and Sarbanes-Oxley)
- Proven experience in the assessment of internal controls and communicating findings and recommendations to others clearly and accurately in non-technical terms is required
- Experience performing and managing security risk assessments against information security policies, standards, or frameworks
- Ability to translate technical information security risk findings and articulate them in business terms to non-technical stakeholders
- Knowledge of and experience applying one (or more) of the following security and compliance frameworks: ISO 27001, PCI, NIST, COBIT, and Sarbanes-Oxley
- At least one of the following industry certifications is preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP)
- Superior writing and editing skills with the ability to construct well-founded, clear, and concise analyses and recommendations
- Experience managing complex programs and projects
- Ability to resolve ambiguity and take decisive action
- Willingness to travel at least 25%
Benefits
- medical, dental, vision coverage
- 401(k) match
- short- and long-term disability coverage
- health savings accounts
- flexible spending accounts
- tuition reimbursement
- health care navigation
- mental health services
- fertility assistance
- paid parental leave
- 120 hours of PTO
- 11 Holidays each year
Applicant Tracking System Keywords
Hard Skills & Tools
Information Security, Technology Risk Management, IT Audit, IT Compliance, SAP GRC Access Control, SAP S/4 HANA, security role/authorization concepts, security functions, security risk assessments, IT controls
Soft Skills
communication, collaboration, project management, analytical skills, problem-solving, writing, editing, decisive action, ability to resolve ambiguity, stakeholder engagement
Certifications
Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP)