
Senior Manager, Information Security: Governance, Risk, and Compliance

Job Location

San José

Job Description

The Information Security Governance, Risk, and Compliance (GRC) Organization at Procter & Gamble is responsible for risk identification, assessment, and remediation across the IT landscape, as well as driving automated governance and compliance breakthroughs.  We are looking for experienced GRC Leaders with a passion to creatively solve problems, automate compliance processes, and lead risk for the company. This role would focus on the Technical Security Management policy area.

Responsibilities:

  • Transform the Technical Security Management policy area to be risk-based, meeting all GRC requirements.

  • Stay up-to-date with how current events, security focus areas, and the regulatory environment may impact P&G’s compliance processes

  • Gain and sustain a broad in-depth knowledge of security control, compliance, and auditing frameworks and apply these to the leadership of Information Security projects and processes

  • Consult and advise regarding security compliance requirements pertaining to applicable laws, regulations, and other governance requirements

  • Conduct ongoing risk assessments and develop and execute risk-response plans to address high-risk areas.  Measure, report, and explain IT risks to stakeholders.

  • Own, assess, create, and update Information Security policies, standards, and controls, and support P&G in effectively implementing these across the global IT organization

  • Manage policy strategy, development, deployment, training, enhancement, and maintenance across the policy lifecycle and align top priorities with Information Security Leadership

  • Collaborate with IT Operations Teams to ensure alignment to controls and procedures.  Consult with cross-functional stakeholders on risks relevant to their processes.

  • Monitor the effectiveness of security controls and identify gaps in compliance.  Analyze control measurements for negative trends and reoccurrence frequency.

  • Collaborate with Application Managers on new technologies being leveraged in P&G’s IT environment to support their secure use through the creation of relevant governance frameworks and processes

  • Lead Information Security projects and initiatives that improve compliance across the organization

  • Collaborate with internal/external auditors on compliance audits, audit findings, and issue remediation

  • Contribute to the continuous improvement of the risk and compliance mindset across P&G.  Build IT risk awareness by providing support and training to others.

Success Criteria:

  • Updated risk map and risk register, taking into consideration the external environment, industry trends, corporate business plans, and IT strategy

  • Clear, aligned, funded, on-track action plans to reduce company risk

  • Automated measurements of security compliance across the enterprise, with targeted interventions defined for areas of non-compliance

  • Collaborative interactions with internal/external auditors resulting in accurate audit results and meaningful next steps to drive continuous improvement

  • Active participation with security groups to continuously benchmark P&G’s policy strategy to gain insights on industry best practices

Job Qualifications

Qualifications (Required):

  • Bachelor’s degree in Computer Science, Computer Systems Engineering, Industrial Engineering, Business Management Information Systems, Software Development, Cyber Security, or related field

  • English B2+

  • 5+ years of relevant experience in Governance, Risk, and Compliance roles (e.g. Risk Manager, Risk Analyst, Compliance Manager, Auditor)

  • Experience with IT Governance processes such as policy management and implementation, monitoring and reporting of compliance results, and identification and escalation of risks

  • Ability to influence and build relationships with business unit stakeholders, external service providers, and architecture teams

  • The ability to work independently, collaborate, and learn quickly

  • Technical experience with operating systems, platforms, and cloud is highly recommended.

Qualifications (Preferred Skills):

  • Certified in ISACA CRISC, CGEIT, CISA, and/or CISSP (or willing to attain certification within the first 12 months of employment)

What we offer!

  • We’ll give you responsibilities as of Day 1 – you will feel the ownership of your project from the beginning, and you will be given specific projects and responsibilities

  • You’ll have continuous mentorship – you will work with passionate people and receive both formal training as well as day-to-day mentoring from your manager

  • We offer you the chance to work in and be part of a dynamic and supportive environment

  • We promote agility and work/life balance for employees, we value every individual and support initiatives, promoting.

  • We love flexibility. You can arrange your work schedule based on your personal needs.

  • We will let you experience true support for work/life effectiveness and your long-term well-being.

  • We will give you a competitive salary and benefits package.

Job Schedule

Full time

Job Number

R000086404

Job Segmentation

Experienced Professionals (Job Segmentation)

Created by Alex Volkov