Director IT Compliance
Foot Locker
Milwaukee, WI, United States
Overview
Foot Locker, Inc. is seeking a Director, IT Compliance. This is a strategic thought leadership focused role with responsibility for a comprehensive approach to governance and compliance.
Reporting to the VP Security, this role will be a key member of Foot Locker’s IT Security and Compliance leadership team and will be expected to build strong partnerships across multiple cross functional stakeholders.
This position is primarily responsible for Foot Locker Inc.’s global IT Sarbanes-Oxley (SOX) Program. The role partners closely with local IT teams, internal and external auditors, and Corporate IT to ensure that required IT SOX and IT General Controls are adequately performed. The individual filling this role will provide guidance to local IT Management for SOX controls, and will assist in narrative preparation as well as the review of Management’s testing of IT Controls for all IT sites globally. The position is the central point of contact for the Company’s IT Controls.
Responsibilities
IT Governance & Risk Management
• Provide guidance and thought leadership to internal teams and external partners concerning the governance, risk management and compliance of our systems, data and business processes
• Lead, develop, implement and maintain the IT risk management strategy, processes and procedures, while actively promoting IT risk awareness across the organization
• Responsible for analysis of IT risk and control assessments across Infrastructure, Application and Data assets, including Information Security, Application Management, Disaster Recovery, emerging technologies, 3rd party security, and IT regulatory compliance
• Maintain up-to-date knowledge and understanding of technology trends, security threats, infrastructure vulnerabilities, and business dependencies on reliable IT that could impact the company’s risk profile
• Assess the Information Security program including organizational design and key processes
• Maintain the register of material IT risks and monitor risk mitigation plans
• Support risk management activities for 3rd party IT risks
• Identify and integrate leading practices into the IT risk management process
• Plan for future-state cyber security GRC by providing direction on development and implementation of governance, risk and compliance processes, tools and metrics
• Annual review and maintenance of the cyber security policy, control objectives and authoritative sources
• Streamline the management and coordination of our GRC program through the leveraging of our GRC platform
• Train and mentor other team members to consistently deliver on the goals and objectives of the cyber security governance program
• Ensure technical and operational security controls are incorporated into new systems and applications through participation in planning, design and implementation reviews of all new systems and significant changes to existing systems
IT Compliance
• Responsible for reviewing management’s control documentation/narratives, application inventory, and testing of IT SOX controls for in-scope IT locations globally
• Partner with the IT Internal Audit team and related internal teams to identify controls in-scope for each site required to be included in the IT control testing activities
• Consult with leadership teams to create and maintain scorecards for tracking compliance and measuring risk across regions, markets and portfolios
• Identify strategic, operational and systemic compliance related issues and effectively negotiate with and influence stakeholders to resolve issues by developing proposals, outlining solutions, and negotiating time commitments and resources
• Responsible for ensuring full PCI compliance and establishing the strategies that will enable us to reduce scope/risk
Other Responsibilities
• Provide leadership and oversight of the Security Awareness Program
• Provide leadership and oversight of the Security Review Board
• Exhibit strong communication, collaboration and conflict management skills to establish and maintain relationships with business leaders, customers, and 3rd parties
• Stay abreast of emerging trends and best practices within the IT compliance industry; seek and leverage best practices from other non-competing organizations
• Provide strong subject matter expertise and leadership across a matrix global organization
Qualifications
• This position requires a BA/BS degree in Information Systems or equivalent, and at least 8 years of IT governance, IT audit, risk or compliance-related experience at Big 4/regional accounting firms
• This position requires a professional certification such as a CISA, CISM, or equivalent
• Prior experience performing IT control testing activities is required
• Retail industry and PCI auditing experience is desired
• Experience with ISO27001/2, NIST, COBIT or similar frameworks is desired
• Must be detail oriented with strong communication, organizational, project management and issue resolution skills
• Must have the ability to lead, mentor, train and develop leaders and technical associates and have excellent relationship management skills across all levels of the organization
• Understanding of IT infrastructure and development processes and associated IT controls required to support a fully functioning and controlled IT environment
• Maintain an understanding of project management methodologies and system development life cycles, including Agile and DevOps methodologies
• Excellent writing and communication skills.