Imagine...working for a company that knows that its people are the key to its success in the marketplace. A company in which achieving extraordinary results and having a stimulating work experience are part of the same process.
We cultivate and embrace a diverse employee population. We recognize that people with diverse backgrounds, experiences and perspectives fuel our growth and enrich our global culture.
We are looking for an individual who enjoys working in a fast-paced, team-oriented environment, likes to be challenged, and values the opportunity to make a difference.
The Senior Specialist - Information Risk will support the Information Risk Management program within the Information Security Department for Campbell's. The Risk Management program will align to the strategy of the Company while addressing the evolution of changes to the global risk landscape and evolving technologies.
In addition to general information risk management, the Senior Specialist - Information Risk will support the design, build, implementation and continuous evolution of the Campbell's Third Party Information Risk management program, based on industry best practices, standard methodologies/processes and technology, with a focus on Information Risk.
Essential responsibilities will include but not be limited to:
- Supports the Senior Manager - Information Risk in the ongoing execution of the Information Risk Management program.
- Provides Information Risk Management strategy recommendations and process improvements based on leading practices
- Leads the development and execution of the strategic third-party information risk program for the Company covering Marketing, Human Resources, Manufacturing Operations, and other key functions as needed.
- Executes the risk assessment process and monitors remediation plans.
- Reports to management concerning residual risk, vulnerabilities, and other security exposures, including misuse of information assets and noncompliance.
- Evaluates third parties for compliance with Company standards and industry regulations and negotiates contractual agreements to maintain compliance through the life of the agreement.
- Leads and reviews application security risk assessments for new or updated internal or third-party applications.
- Proactively anticipates business needs and influences policy decisions for third party information risk governance.
- Ensures timely and accurate notification and escalation of actual or potential risks involving third parties.
- Works with third parties to develop get-well plans to retire identified risk items and provides security covenants to be included in MSAs.
- Prepares third-party risk reports to effectively communicate residual risk to business stakeholders.
- Assists in the creation of material for IT Risk related meetings and reports to management.
- Coaches and mentors more junior technical staff.
- Works on multiple IT Risk Management projects frequently as the subject matter expert.
- Works on projects / issues of medium to high complexity that require demonstrated knowledge across multiple technical areas and business segments.
- Ensures agreement on risk across multiple levels of the business up to and including Senior Leadership.
- Negotiates directly with vendors on contractual requirements to correct any identified deficiencies and agree on compliance with Company and industry standards and regulations.
- Works with business process owners to identify risk concerns, then assesses those concerns within internal and external services by interfacing with internal process leads and third-party service providers.
- Manages valued partners for continuous monitoring and execution of vendor information risk assessments and conducts regular check-ins to improve service to the benefit of the Company.
- Regularly meets with business partners in Procurement, Legal, Vendor Management, and IT to educate and enforce the program requirements.
We are looking for the following abilities and skills:
Minimum education required: Bachelor of Arts or Bachelor of Science
Years of relevant experience: 7-10 years of experience within Information Security, IT Auditing, IT Risk Management or equivalent consulting / Big 4 experience.
- Understanding of IT, Security and Privacy Risk as it relates to Vendor Risk Management required.
- Industry recognized Security Certification such as the CISSP, CISA, CCSP, or CRISC is required.
- Previous experience planning, designing, developing, and delivering IT Risk Assessments, IT Audits, Third-Party Risk Management programs, or equivalent.
- Relevant regulatory experience and understanding of Sarbanes Oxley, PCI, Privacy, HIPAA, etc. required.
- Working knowledge of all Information technology areas desired (e.g. Security, Change Control, Operations, and Backup).
- Experience with industry standards such as ISO, NIST, or COBIT
- Experience with conducting or reviewing Independent Control Assessments to include SOC reports, ISAE 3402, PCI AoC/RoC.
- Experience with analysis of vendor self-assessment questionnaires such as the SIG, CSA CAIQ, NIST CSF and others.
- Experience evaluating vendor cloud environments, including SaaS, PaaS, IaaS, BRaaS, DRaaS, and CPaaS.
- Experience or general knowledge of GRC tools desired.
- Strong technical, communication and interpersonal skills.
- Demonstrated ability to function in a challenging, fast-paced technical and business environment.
- Demonstrated ability to learn on the job, identify, and communicate emerging best practices.
- Office environment with up to 10-15% travel