Manager, Information Security Risk and Compliance in Atlanta, GA at Mauser Packaging Solutions

Date Posted: 10/25/2019

Job Snapshot

  • Employee Type:
    Full-Time
  • Location:
    Atlanta, GA
  • Job Type:
  • Experience:
    Not Specified

Job Description

Plant Name: Atlanta Headquarters

Requisition ID: 003903--Corp


Mauser Packaging Solutions is a global leader in solutions and services across the packaging life-cycle, providing large and small metal, plastic, fiber and hybrid packaging worldwide to companies in industries from food, beverage, personal care and pharmaceuticals to chemicals, petrochemicals, agrochemicals and paints. Bringing together the very best of its four legacy companies—BWAY, MAUSER Group, NCG and ICS—Mauser Packaging Solutions offers its customers true sustainability at scale.

As the Manager of Information Security Risk and Compliance, you will lead and motivate a cross-functional team of members in the development and implementation of compliance solutions. You will engage with leaders across the enterprise on matters ranging from implementation of risk policy to monitoring of 1st line control execution and management of remediation activities. This function includes, but is not limited to, independently performing complex and often unique work assignments and problem resolution within enterprise projects and functions. You will serve as the subject matter expert to ensure documents, projects, processes, and product initiatives comply with regulatory and legal requirements and enterprise policy. The position will work closely with both Enterprise Risk Management and the business areas to ensure there is a consistent and common approach to implementation of risk management activities. The scope of services will include working with the Information Technology, Identity and Access Management and Cyber Risk Monitoring and Compliance functions.

Duties

  • Develops and maintains a consistent, repeatable process for identifying risks, performing qualitative and quantitative risk assessments, determining risk treatment, and managing associated findings and remediation plans. The risk management domain includes, but is not limited to, asset risk management, third-party risk management, and vulnerability risk management.
  • Develops and reports security risk and compliance metrics for the enterprise, departments, processes, and individual assets.
  • Collects and manages monthly KRI data; analyzes it and facilitates discussion with the business areas.
  • Develops information security policies, standards, procedures, and guidelines in accordance with the overarching Information Security Risk Framework.
  • Supports ongoing compliance activities and monitoring efforts across applicable Regulations and Standards (e.g. HIPAA, SOX, GDPR, etc.).
  • Serves as a GRC subject matter expert for information risk by supporting complex analysis and leading risk management capability improvement.
  • Manages policy exceptions, identifies rationale and risks in support of exception requests, weighs effectiveness of compensating controls, and makes recommendations around exception requests.
  • Influences technical and strategic direction of the Risk Management and Compliance program.
  • Develops, designs and delivers compliance strategies to influence business leadership on effective solutions.
  • Maintains and expands expert knowledge of the competitive/regulatory landscape and the company's key challenges.
  • May coordinate and respond to regulatory requirements and requests and ensures the execution of examinations.
  • Executes compliance risk management activities in accordance with enterprise compliance standards.
  • Serves as the technical expert regarding compliance laws and regulations and provides direction to others on complex issues.
  • Responsible for the design and build of Risk solutions and frameworks.
  • Defines information security controls that support risk assessments and support the development of secure architectures.
  • Ensures program alignment with the overall business strategy.
  • Provides security risk consulting services internally to the organization by giving security guidance and functioning as an information security subject matter professional. This includes security analysis of proposed architectures and risk assessment feedback, including security requirements and compensating control alternatives where security requirements cannot be met.
  • Manages all facets of, and provides project-level leadership for, multiple assigned security projects that, when implemented, will provide an improved risk posture.
  • Collaborates and builds relationships with key IT, Security and core business partners to enable continued security education and awareness around assigned Security Risk initiatives and to improve overall relationships.

 

Job Requirements

Required Qualifications

  • Minimum of 6 years of progressive experience in information security is required
  • Must have experience and demonstrated proficiency in Information Security Risk Management and Compliance program leadership and execution, managing complex and large process change projects, and advanced knowledge of cyber-security threats.
  • Experience with cloud risks.
  • Experience working with distributed teams and other cross-functional stakeholders
  • Travel (periodically).
  • Applicants must be authorized to work in the US without requiring employer sponsorship currently or in the future.

Preferred Qualifications

  • Master's degree, MBA, or a closely related degree is preferred
  • 8+ years’ experience
  • Comprehensive understanding of risk assessment protocols to develop appropriate assessment models to evaluate program effectiveness and quantify information security and cyber-security risks across the organization
  • Expert knowledge of information security identity and access management and delivery functions, application security and data access integrity
  • Expert knowledge of third-party vendor security risk management and cyber supply chain management
  • Expert knowledge of regulatory requirements, risk and industry standards associated with emerging technology, authentication capabilities, network design/security, cloud computing environments, the “dark web” and internet of things (IoT). Knowledge of leading Information Security industry frameworks (e.g., NIST, ISO, SANS) and Information Security and Data governance models
  • Experience interacting with regulators.
  • One or more Security Certifications
    • Certified in Risk and Information Systems Control
    • Certified Information Systems Security Professional
    • Certified Information Systems Auditor
    • Certified Information Security Manager

Education 

  • Bachelor's degree in Management of Information Systems or related field is required

EOE
