Risk & Compliance Specialist IT
About Us:
At Stericycle, we deliver solutions and drive innovations that protect the environment, people, and public health.
This includes working to create a more sustainable, shared future.
Our innovative solutions make a difference in people's lives, communities, and our planet by protecting their health and well-being.
Change your career.
Change your world.
Join Stericycle and help protect health and well-being in a safe, responsible, and sustainable way.
Position Purpose:
Risk & Compliance is adherence to industry, governmental, corporate and third party control requirements and assessing risk factors within the IT environment.
This position will work with the Director, IT Risk & Compliance to align with requirements and ensure compliance industry acceptable standards.
This role will also maintain internal controls and identify technical compliance gaps and assist Stericycle teams in building remedial actions to address enterprise compliance gaps.
Key Job Activities:
Establish and oversee formal risk analysis and self-assessments program for various IT systems and processes.
Receive and manage compliance issues through investigation, consulting with appropriate owners and resolution or mitigation strategy Promote and monitor our corporate wide IT risk awareness program.
Coach, lead, develop, and train team members and external partners as necessary.
Help ensure compliance with HIPAA, PCI, HighTrust.
SOX and SOC (Etc.
) for Stericycle Business Units.
Work with business units to ensure data and applications are properly classified.
Work with Internal Audit, General Counsel and Business Units to remediate new and outstanding issues.
Create / onboard a GRC system (service now).
Track related issues in the electronic GRC system.
Create / run ad hoc reports, metrics and issue log.
Escalate issues and/or reporting to audit and compliance stakeholders for internal or external audit actions.
Coordinates resolution of audit action points and remediation.
Perform other duties and responsibilities, as assigned.
Education:
Preferred Education:
in Bachelors or EquivalentExperience (North America):
Education equivalent to Bachelors Degree in Information Technology or the equivalent in related experience; an M.
B.
A.
or M.
S.
in Information Security is preferred 3-5 years of experience in a fast-paced IT professional role Completion of courses in Audit and/or IT Audit is a plus Experience with risk analysis tools, technologies and policies and understanding of business impact Strong leadership abilities, with the capability to develop and guide IT team members and operations personnel, and work with minimal supervision Experience working with legal, audit and compliance staff Experience developing and maintaining policies, procedures, standards and guidelines Experience with information security management frameworks, such as International Standards Organization (ISO) 2700x, NIST, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies Strong analytical skills to analyze security requirements and relate them to appropriate security controls Project Management Professional (PMP), CISA or Audit training/certification an asset Certifications and/or Licenses:
Project Management Professional Certification (PMP)
Benefits:
Stericycle currently offers its employees the option to participate in a full range of benefits, including a health care program which includes medical, dental, vision and prescription coverage, healthcare and dependent care flexible spending accounts, life and accidental death and dismemberment insurance, an employee assistance program, tuition reimbursement, paid vacation and sick time, a 401(k) plan, and an employee stock purchase plan.
Participation in some programs requires that employees be regularly scheduled to work a minimum number of hours and/or to have fulfilled a waiting period after they begin employment with Stericycle.
Disclaimer:
The above description is meant to provide a summary of the nature and level of work being performed; it should not be construed as an exhaustive list of all responsibilities, duties and requirements of the job or person.
This document does not create an employment contract, implied or otherwise.
Stericycle will consider requests for workplace accommodations for protected physical or mental limitations in accordance with its human resources policies and local laws.
To the extent permissible under local law, and consistent with business necessity, Stericycle reserves the right to modify the content formally or informally, either verbally or in writing, at any time with or without advance notice.
Recommended Skills Analytical Auditing Certified Information Security Manager Certified Project Management Professional Coaching And Mentoring Consulting Estimated Salary: $20 to $28 per hour based on qualifications.
At Stericycle, we deliver solutions and drive innovations that protect the environment, people, and public health.
This includes working to create a more sustainable, shared future.
Our innovative solutions make a difference in people's lives, communities, and our planet by protecting their health and well-being.
Change your career.
Change your world.
Join Stericycle and help protect health and well-being in a safe, responsible, and sustainable way.
Position Purpose:
Risk & Compliance is adherence to industry, governmental, corporate and third party control requirements and assessing risk factors within the IT environment.
This position will work with the Director, IT Risk & Compliance to align with requirements and ensure compliance industry acceptable standards.
This role will also maintain internal controls and identify technical compliance gaps and assist Stericycle teams in building remedial actions to address enterprise compliance gaps.
Key Job Activities:
Establish and oversee formal risk analysis and self-assessments program for various IT systems and processes.
Receive and manage compliance issues through investigation, consulting with appropriate owners and resolution or mitigation strategy Promote and monitor our corporate wide IT risk awareness program.
Coach, lead, develop, and train team members and external partners as necessary.
Help ensure compliance with HIPAA, PCI, HighTrust.
SOX and SOC (Etc.
) for Stericycle Business Units.
Work with business units to ensure data and applications are properly classified.
Work with Internal Audit, General Counsel and Business Units to remediate new and outstanding issues.
Create / onboard a GRC system (service now).
Track related issues in the electronic GRC system.
Create / run ad hoc reports, metrics and issue log.
Escalate issues and/or reporting to audit and compliance stakeholders for internal or external audit actions.
Coordinates resolution of audit action points and remediation.
Perform other duties and responsibilities, as assigned.
Education:
Preferred Education:
in Bachelors or EquivalentExperience (North America):
Education equivalent to Bachelors Degree in Information Technology or the equivalent in related experience; an M.
B.
A.
or M.
S.
in Information Security is preferred 3-5 years of experience in a fast-paced IT professional role Completion of courses in Audit and/or IT Audit is a plus Experience with risk analysis tools, technologies and policies and understanding of business impact Strong leadership abilities, with the capability to develop and guide IT team members and operations personnel, and work with minimal supervision Experience working with legal, audit and compliance staff Experience developing and maintaining policies, procedures, standards and guidelines Experience with information security management frameworks, such as International Standards Organization (ISO) 2700x, NIST, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies Strong analytical skills to analyze security requirements and relate them to appropriate security controls Project Management Professional (PMP), CISA or Audit training/certification an asset Certifications and/or Licenses:
Project Management Professional Certification (PMP)
Benefits:
Stericycle currently offers its employees the option to participate in a full range of benefits, including a health care program which includes medical, dental, vision and prescription coverage, healthcare and dependent care flexible spending accounts, life and accidental death and dismemberment insurance, an employee assistance program, tuition reimbursement, paid vacation and sick time, a 401(k) plan, and an employee stock purchase plan.
Participation in some programs requires that employees be regularly scheduled to work a minimum number of hours and/or to have fulfilled a waiting period after they begin employment with Stericycle.
Disclaimer:
The above description is meant to provide a summary of the nature and level of work being performed; it should not be construed as an exhaustive list of all responsibilities, duties and requirements of the job or person.
This document does not create an employment contract, implied or otherwise.
Stericycle will consider requests for workplace accommodations for protected physical or mental limitations in accordance with its human resources policies and local laws.
To the extent permissible under local law, and consistent with business necessity, Stericycle reserves the right to modify the content formally or informally, either verbally or in writing, at any time with or without advance notice.
Recommended Skills Analytical Auditing Certified Information Security Manager Certified Project Management Professional Coaching And Mentoring Consulting Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
