Job Description:

About the Role

The Manager of IT GRC will be responsible for overseeing cyber security, data governance, and IT controls audit topics, among other areas. This role will play a critical role in ensuring the effective governance, management, and compliance of our information technology systems and processes.

Key Responsibilities

Develop and Implement IT Governance Frameworks: Design, implement, and maintain IT governance frameworks, policies, and procedures to ensure the effective management and oversight of IT resources and activities.

Risk Assessment and Management: Conduct comprehensive risk assessments of IT systems, infrastructure, and processes. Develop and implement risk mitigation strategies and controls to minimize IT-related risks and vulnerabilities.

Compliance Management: Ensure compliance with relevant regulatory requirements, industry standards, and best practices, including but not limited to Sarbanes-Oxley (SOX), GDPR, ISO 27001, and NIST Cybersecurity Framework.

1. Conduct compliance assessments by understanding business objectives, structure, policies and procedures, internal controls, and external regulations.


2. Assess the effectiveness of internal controls over key IT risk.


3. Improve control assurance by developing tests, compliance reports and security metrics.


4. Manage responses to and follow-up with internal and external audits.


5. Identify and recommend business process changes to strengthen internal controls.


6. Complete IT control self-assessments and related findings.

Policy Development and Enforcement: Develop and enforce IT policies and procedures to promote compliance, security, and best practices across the organization. Monitor compliance with policies and initiate corrective actions as necessary.

Audit and Assurance: Coordinate and support internal and external audits of IT systems and controls. Collaborate with audit teams to address findings and implement remediation plans.

Cyber Security: Oversee the development and implementation of cyber security strategies and controls to protect the confidentiality, integrity, and availability of critical business assets. Monitor and respond to security incidents and breaches.

1. 
   
   
   
   1. 
      
      
      
      1. Provide comprehensive cyber security expertise and risk-mitigation strategies bridging technical and non-technical domains.
      
      
      2. Perform risk assessment using various industry standard frameworks.
      
      
      3. Collaborate with control owners to implement process changes and track to completion.
      
      
      4. Advise and collaborate on projects by providing IT controls expertise and considerations.
      
      
      5. Support and improve key process controls, including identity and access management, threat and vulnerability management, incident management and response and third-party risk management.
      
      
      6. Create and maintain the enterprise’s security documents (policies, standards, baselines, guidelines and procedures) with IT management.
      
      
      7. Facilitate information security risk analysis and risk management processes with business units and to identify acceptable levels of residual risk.
      
      
      8. Development and delivery of IT risk and security awareness and compliance training programs.
      
      
      9. Support and improve key process controls, including identity and access management, threat and vulnerability management, incident management and response and third-party risk management.
      
      
      10. Create and maintain the enterprise’s security documents (policies, standards, baselines, guidelines and procedures) with IT management.
      
      
      11. Facilitate information security risk analysis and risk management processes with business units and to identify acceptable levels of residual risk.
      
      
      12. Development and delivery of IT risk and security awareness and compliance training programs. 
      
      
      
      
   
   
   
   

Data Governance: Establish and maintain data governance frameworks and practices to ensure the quality, integrity, and security of organizational data. Develop and enforce data management policies and procedures.

IT Controls Audit: Lead IT controls audit activities, including planning, execution, and reporting. Evaluate the effectiveness of IT controls and recommend improvements as needed.

Vendor and Third-Party Risk Management: Assess and manage risks associated with third-party vendors and service providers. Establish and maintain effective vendor risk management processes and controls.

Incident Response and Continuity Planning: Develop and maintain incident response plans and business continuity/disaster recovery strategies for IT systems and infrastructure. Coordinate response efforts during security incidents and other emergencies.

Training and Awareness: Develop and deliver training programs to enhance IT governance, risk management, and compliance awareness across the organization. Provide guidance and support to IT and business stakeholders on GRC-related matters. 

Required Education and Experience 

• Bachelor's degree in Information Technology, Computer Science, Business Administration, or related field. Advanced degree or relevant certifications (e.g., CISA, CISSP, CRISC, CISM) preferred.


• 10 or more years of experience in IT governance, risk management, compliance, or related fields, with a focus on information security and technology risk management.


• Strong understanding of regulatory requirements, industry standards, and best practices related to IT governance, risk, and compliance (e.g., SOX, GDPR, ISO 27001, NIST Cybersecurity Framework).


• Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection.


• Experience providing guidance, best practices, and support across organizations, as well as leading risk reviews and vulnerability assessments, identifying threats, and communicating with senior leaders and other stakeholders.


• Experience in a manufacturing and distribution environment preferred.


• Experience creating process flow diagrams in Visio.


• Experience building SQL Queries preferred.


• Ability to write clear, concise reports that communicate key insights and observations to functional/business personnel and Senior executive leadership.


• Must be adaptive, flexible, and able to function effectively in a dynamic, high-growth environment.


• Must have strong attention to detail and the ability to manage multiple projects and competing priorities.

Thank you for your interest and consideration of a career with Viskase! 

www.viskase.com

About Us

Viskase is a global powerhouse in the food packaging industry, renowned for delivering top-tier artificial casings and a comprehensive range of casings and nettings. With a remarkable legacy spanning over a century, Viskase has consistently revolutionized the meat processing sector. Notably, the company is responsible for manufacturing 30% of the world's hot dog casings, underscoring its dominant position in this market. What sets Viskase apart is its extensive global presence, boasting 11 manufacturing facilities and 9 sales offices strategically located in the United States, Canada, Mexico, Germany, France, Italy, Brazil, Poland, and the Philippines.

Viskase Companies Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)

Information Technology Management

Apply Now