Governance, Risk & Compliance, Manager 1
AutoNation
United Kingdom
Published 1 week ago
Enterprise Risk
AutoNation is one of the largest automotive retailers in the United States, offering innovative products, exceptional services, and comprehensive solutions, empowering our customers to make the best decisions for their needs. With a network of dealerships nationwide strengthened by a recognized brand, we offer a wide variety of new and used vehicles, customer financing, parts, and provide expert maintenance and repair services. Through DRV PNK, we have raised over $40 million for cancer-related causes, demonstrating our commitment to making a positive difference in the lives of our Associates, Customers, and the communities we serve.
So what do you say? Are you ready to be part of something big?
The GRC Manager leads the GRC team in managing information security compliance and privacy-related activities. Acts as subject matter expert in PCI, SOX, CCPA, and other regulatory compliance legislation. Manages the team in the design and implementation of security technology solutions to support compliance needs.
Job Responsibilities:
- Leads the team in the development and maintenance of information security policies, standards, and control procedures to enable compliance with applicable regulations and industry standards, including Payment Card Industry Data Security Standard (PCI DSS), California Consumer's Privacy Act (CCPA), and Sarbanes Oxley (SOX).
- Perform security risk assessments on new or existing IT products, services, and technologies to analyze controls, identify and evaluate mitigating control opportunities and assign residual risk using the organizational risk management methodology.
- Support the development and execution of an annual enterprise-level IT risk assessment.
- Support the implementation of various modules within the Bendminder GRC toolset.
- Work to evaluate, design, implement new capabilities in Bendminder to support ongoing use, such as report generation, record status monitoring and tracking, user and workflow management.
- Provide consultative advice to internal customers in the areas of risk management, technology and business process security controls, to enable them to make informed risk decisions, develop acceptable risk mitigation strategies, documented processes, and achieve controls compliance.
- Identify opportunities and support efforts to drive organizational information security risk posture and process improvement.
- Maintain strong working relationships with individuals and groups involved in managing information security risks across the organization.
- Work closely with regulators and auditors as a point of contact for information requests and issue management/escalation.
- Organize and/or support IT GRC-related meetings; prepare meeting agendas and minutes.
- Support information security risk management program reporting efforts.
- Support IT GRC team members as necessary with other IT GRC program areas, including but not limited to vendor risk management, information security training and awareness, PCI DSS self-assessments, CCPA data requests, and SOX internal control reviews.
Qualifications:
- B.S. Degree required in Computer Science, Information Technology, or related field of study, or any equivalent combination of relevant background, skills and experience. Advanced degree preferred.
- 10+ years' relevant experience in Information Security in medium to large organizations.
- One or more security certifications such as CISSP, CISA, SANS GIAC, or relevant security certification(s) required.
- Hands-on experience with one or more of the following: GRC tools such as Bendminder, Archer, etc.
- Other complementary skills include a regulatory compliance or legal background.
- High degree of proficiency in MS Office Suite, Outlook, and Internet applications.
- Strong analytical, prioritizing, interpersonal, problem-solving, presentation, project management (from conception to completion), and planning skills.
- Strong verbal and written communication skills.
- Strong negotiation/mediation skills.
- Demonstrated collaborative skills and ability to work well within a team.
- Ability to work with and influence senior management.
- Ability to work in a fast-paced and deadline-oriented environment.
- Self-motivated with critical attention to detail, deadlines and reporting.
- Competitive compensation and 401k matching
- Enjoy a healthy work-life balance with insurance plans (health, dental, vision) and maternity benefits
- Exclusive RX Pet program offering discounts on medications
- Associate purchase and discount programs for new and pre-owned vehicles, services, parts, collision, accessories, and AutoGear
- Access amazing deals and discounts through YouDecide, a website with offers from top providers and retailers
- Join our DRVPNK mission to raise and donate millions of dollars to cancer research and treatment, partnering with cancer charities nationwide