Full-time
IT Risk & Compliance Manager - KEMET Electronics Corporation - Fort Lauderdale, FL

Job details
Salary: $64,186 - $182,956 a year
Job Type: Full-time
Number of hires for this role: 1

Full Job Description

KEMET, a subsidiary of YAGEO Corporation (TAIEX: 2327) and part of the YAGEO Group, helps our customers build tomorrow with the broadest selection of capacitor technologies in the industry, along with an expanding range of electromechanical devices, electromagnetic compatibility solutions and supercapacitors. With over 100 years of making the world a better, safer, and more connected place to live, our vision is to be the preferred supplier of electronic component solutions demanding the highest standards of quality, delivery and service.

Position Summary:

The IT Risk & Compliance Manager is a highly respected, influential, and in-demand role within the business. The position is responsible for supporting the security direction of the business and elevating the company's security posture. The IT Risk & Compliance Manager supports the security strategy within new and existing information system capabilities. Consequently, the position requires an understanding of legacy systems as well as new technologies and requirements. The role is also responsible for the planning and design of policies and their maintenance.

The IT Risk & Compliance Manager oversees the business' security requirements and obligations mandated by standards and regulations such as NIST SP 800-171, CMMC, and ISO 27001. In tandem with security leadership, the individual consistently assesses and validates the assurance of the security program. As a primary point of contact for internal and external auditors, the IT Risk & Compliance Manager monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business. As a key member of the security team, the individual must focus on strong risk management and corporate resiliency, and not be driven solely by compliance.

This is a people-leader position and requires a people-first approach. The successful individual will be a mentor to staff on the security team and elsewhere in the business, placing a high priority on employee retention. The IT Risk & Compliance Manager supports the strong security culture organization-wide.

- Influences internal and external constituents, and relays best practice recommendations based on the evolving threat landscape to protect intellectual property and ensure compliance.
- Motivates employees to maximize rigorous system security controls and focuses on implementing the basics, reducing complexity, and establishing a security maturity model that is tracked and adaptable to necessary changes.
- Actively recruits and leads by example to create a culture where employees want to work. Leads with humility and is respectful to all. Connects with higher education to build a pipeline of interns and future employees.
- Requires periodic awareness training for company employees on information security topics and allocates security budget to train technical staff members.
- Leads security-related projects from inception to successful completion and is capable of effectively coaching technology staff on appropriate security protocols and needs as they implement new technology into the organization.
- Serves as a primary point of contact and subject matter expert for new and existing business continuity planning and disaster recovery objectives.

Essential Functions:

- Manage vulnerabilities across applications, endpoints, databases, networking devices, and mobile, cloud and third-party assets.
- Work closely with system owners to advise and support remediation efforts to close vulnerability exposure to new threats in the wild and verify the organization's security posture against them.
- Provide support to business groups launching new technology applications and services to verify that new offerings are not at risk of misconfiguration, compromise, or information leakage.
- Conduct continuous discovery and vulnerability assessment of enterprise-wide assets.
- Document, prioritize and formally report asset and vulnerability state, along with remediation recommendations and validation.
- Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
- Define key performance indicators and metrics that align with business initiatives and deliver them to non-technical individuals in an effective, understandable manner.
- Interact with business groups to understand their plans, risk posture and tolerance, and how information security can enable them to execute their vision and business obligations.
- Procure and maintain tools and scripts used in asset discovery and vulnerability status.
- Leverage vulnerability database sources to understand each weakness, its probability and remediation options, including vendor-supplied fixes and workarounds.
- Collaborate with security groups such as red teams, threat intelligence and risk management to form a holistic team dedicated to thwarting attackers and reducing attack surface.
- Periodically attend and participate in change management policy discussions and meetings.
- Define key performance indicators and metrics across business units to illustrate effectiveness with vulnerability management.
- Understand breach and attack simulation solutions for known vulnerabilities and work with the team to validate controls effectiveness.
- Play a key role in disaster recovery and business continuity.
- Work as a team to consistently learn and share advanced skills and foster team excellence.
- Perform other duties as assigned.

Competencies:

- Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.
- Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business.
- Capacity to understand legacy and progressive technology and security controls along with their respective risk. Working knowledge of technologies such as cloud computing, DevOps, and application security is required.
- Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management, and hardening guidelines.
- Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
- Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements.
- Strong believer in enhancing employee skills and promoting training.
- Self-motivated, directed, and well-organized, with the vision to position controls in anticipation of threats.
- Successful track record of managing external entities' contracts and relationships, and mitigating risks to business development opportunities.

Education and Experience:

- Higher education with a technical focus such as information security, IT, management information systems, or equivalent industry experience.
- 7+ years' information security experience with at least 3+ years' exposure to various security frameworks.
- 5-7 years of related experience required.
- CISSP, CRISC, CGEIT, GRCP, or PMP preferred.
- Experience with and understanding of various regulatory requirements, laws, and security frameworks, including but not limited to: NIST, ISO 27001, PCI DSS, HIPAA, HITECH, SOX, GDPR, CCPA, CIS, or SOC 2.
- Preferably some experience with vulnerability management across cloud environments such as Microsoft Azure, Amazon Web Services, or Google Cloud Platform.
- Prior experience with GRC systems and vendors is a plus.

Physical Requirements:

Remains in a stationary position, often standing or sitting for prolonged periods.

This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee. Duties, responsibilities and activities may change, or new ones may be assigned at any time with or without notice.

KEMET does not discriminate on the basis of race, color, age, sex, gender, sexual orientation, gender identity and expression, ethnicity or national origin, disability, pregnancy, religion, political affiliation, union membership, protected veteran status, protected genetic information, marital status or any other characteristic protected by applicable federal, state or local law, in making employment decisions including but not limited to hiring, wages, promotions, rewards, and access to training. Qualified applicants and workers shall be provided with reasonable accommodation for disability and religious practices.

Job Type: Full-time
Pay: $64,186.00 - $182,956.00 per year

Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Employee assistance program
- Flexible spending account
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Parental leave
- Relocation assistance
- Retirement plan
- Tuition reimbursement
- Vision insurance

Schedule:
- 8 hour shift
- Monday to Friday

Work Location: One location
