Find a job that interests you. Work with people
who care.

Mgr GRC Security - Remote

Job details

Job requisition:
170540
Location:
Providence, RI 02908
Location flexibility:
Remote
Category:
IT
Employment type:
Full time
Employment status:
Exempt
Expected closing date:
July 1, 2025
Salary basis
Yearly
Salary range
$114300.00 - $220500.00 Annually ($54.95 - $106.01 Hourly)
Other compensation
Bonus Eligible
Brand
UNFI

PURPOSE:

The Manager, Security GRC is responsible for working across IT, with internal audit, external audit and other departments to develop a comprehensive IT compliance program. This role is responsible for coordinating and reporting on IT portions of internal and external audits, reviewing findings, and working with the impacted areas to develop, track, and complete remediation plans.

This position will also have responsibility for maintaining an access certification process in order to validate that access is assigned appropriately per corporate policies. The position will provide governance oversight to the IT Identity and Access Management team to ensure that appropriate processes are followed to protect the security and privacy of employee and customer information.

The Manager will provide management and direction to GRC team members. This position also regularly contributes to the identification and/or delivery of related functional area and process improvements, tool implementation, and automation to streamline the delivery of compliance activities.

JOB RESPONSIBILITIES:

  • Manage SOX, HIPAA, Internal and External audit compliance efforts in partnership with internal and external auditors.
  • Provide guidance and training in constructing controls and operating procedures. Provide assistance on remediation and response to compliance incidents.
  • Perform monthly access review across applications to help better understand where unauthorized access is granted and can be removed.
  • Creates and maintains control matrix to address all corporate and regulatory compliance requirements.
  • Tracks and coordinates corporate, legal and regulatory IT compliance activities.
  • Establish and oversee formal risk analysis and self-assessments program for various Technology Services systems and processes.
  • Collaborates with Internal Audit, Corporate Compliance, Office of General Counsel and Enterprise Risk Management to remediate new and outstanding issues; track security-related issues in the electronic GRC system.
  • Works with all IT process owners to ensure effective risk and control management.
  • Promote and monitor the enterprise cyber security awareness program; ensure compliance across the organization.
  • Interfaces and coordinates with internal and external auditors and IT process owners to ensure timely delivery of audit requirements. Creates management responses to findings and coordinates in a timely manner with senior leadership.
  • Works with process owners to plan and track delivery of audit finding remediation.
  • Maintains expertise on security trends through training, research and development in order to mitigate potential security exposures.
  • Coordinate responses to customer / vendor security questionnaires.
  • In collaboration with the Director of Security GRC, develops the Identity and Access Governance (IAG) function and institutes consistent IAG processes across the enterprise.
  • Manages team building and self-driven skill development activities through active participation (knowledge sharing, driving initiatives) in appropriate training and mentoring programs, and leads peer review feedback efforts to grow and develop analyst skills.
  • Leads interaction with business owners, subject matter experts and project team members, collaborating to identify, develop, and document potential business and technology solutions.
  • Establishes and builds critical relationships with senior business management, unit leadership, extended team members, and other stakeholders across the functional domains.
  • Identifies opportunities and provides solutions for improvement to compliance processes, such as automation, as well as IT processes.
  • Supervises and provides assistance to internal and external auditors.
  • Participates in department recruiting efforts as directed by management.
  • Make recommendations regarding hiring, terminations, layoffs, performance, promotions and salary increases.

JOB REQUIREMENTS:

Education/Certification:

  • Bachelor's degree in Computer Information Systems, Information Technology, or related field is required
  • Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA) certifications preferred
  • PCI Certified Internal Security Assessor (ISA) preferred

Experience:

  • 8-10 plus years of experience in IT risk and compliance, IT governance, IT auditing or IT related field required
  • Big 4 accounting firm experience is a plus.

Knowledge:

  • Must possess a high level of working knowledge in the following areas: operating systems (z/OS, UNIX, Linux, Windows), application development (COBOL, C, Java, PL/SQL, Visual Basic .NET), operations (batch processing, monitoring), networking and telecommunications, database (Oracle, DB2, SQL Server, etc.), logical security (Active Directory, Unix, Mainframe - Top Secret/ACF2, Internet/Intranet), and web services
  • In-Depth knowledge of internal control concepts, principles, risk analysis, Sarbanes-Oxley Compliance, PCI Compliance, HIPAA, Privacy, process improvement and techniques, including COSO and COBIT frameworks

Skills/Abilities:

  • Must be able to work with all levels of individuals within the organization
  • Requires excellent analytical and communications skills to learn customer business objectives, evaluate risks and plan, supervise and control compliance and other activities
  • Must have excellent verbal, written and presentation skills, a high degree of personal integrity and ability to work under limited supervision. Supervisory skills, the ability to work well with others in a team environment and the ability to produce results through others is required
  • Must be capable of working under minimum supervision, planning and conducting compliance assignments and directing the activities of staff as required
  • Requires excellent analytical and communications skills to learn business objectives, evaluate risks, and controls and accurately document and support work performed, and conclusions reached
  • Must have excellent written and verbal communication skills, a high degree of personal integrity, attention to detail and strong investigative skills
  • Must be able to work in a fast-paced environment and manage multiple projects concurrently
  • Demonstrate advanced mentoring, teaching, and peer guidance skills
  • Good judgment is required for this position as there may be times when direct supervision may not be immediately available.

PHYSICAL ENVIRONMENT/ DEMANDS:

  • Some travel may be required
  • Incumbent may sit for long periods of time at desk or computer terminal

The above statements are intended to describe the general nature of the work performed by the employees assigned to this job. All employees must comply with Company policy and applicable laws. The responsibilities, duties and skills required of personnel so classified may vary within each department and/or location.

All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity or expression, national origin, disability, or protected veteran status. UNFI is an Equal Opportunity employer committed to creating an inclusive and respectful environment for all. - M/F/Veteran/Disability. VEVRAA Federal Contractor.

Company:
United Natural Foods Inc.

Compensation:

UNFI anticipates paying the stated salary (or within the stated salary range) for this position. Actual pay, as applicable, will depend on certain factors, including, among others, education, work experience, training, and any requirements set out in applicable collective bargaining agreements. UNFI is committed to pay transparency under applicable state and local law.

Benefits:

For positions in Washington (or positions worked remotely from Washington), click HERE for details on Washington-specific paid leave.

Candidates hired for this position will also be eligible to participate in the following benefit programs: paid time off; sick leave; vacation pay and maternity/paternity leave; 401K program; medical, dental, vision, life, and accidental death and dismemberment insurance coverage; short-term and long-term disability insurance program; a flexible spending account, a health savings account, or both; subject to meeting the eligibility requirements and the terms and conditions of those programs, and subject to any requirements set out in applicable collective bargaining agreements.

Sales positions only: for commission-based sales positions, the stated range represents an estimate of potential commission compensation during an associate's first year; however, UNFI offers a minimum of $680 per week for the initial period. After the initial period, because the position is fully commission-based, there is no fixed salary. UNFI's commission plans are uncapped, and average earnings depend on the territory and the sales achieved, among other factors.

UNFI's policies on compensation, benefits, and paid leave are subject to change at the company's sole discretion and in accordance with applicable law. This job posting should not be construed as an offer of employment with specific terms, nor should it be construed as a guaranteed minimum.

Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act.
