Senior IT Security Risk and Compliance Manager
We are currently looking for a Senior IT Security Risk and Compliance Manager in our Information Technology area. This role within the IT Security team will lead the IT Risk and Compliance team, providing leadership and hands-on guidance for all security governance, risk and compliance-related initiatives. This position also acts as Security liaison with the IT operations and application development teams for ongoing compliance initiatives.
- Develop, implement, maintain and manage an effective IT risk management program
- Execute formal risk assessments of projects, initiatives, technologies and processes, including 3rd party vendor assessments
- Proactively understand, assess and document key IT risks and implement relevant controls to manage identified risks
- Monitor, maintain and ensure continuous improvement of the effectiveness of controls associated with JCPenney’s information assets
- Coordinate 3rd party audits of JCPenney, including Pen tests, PCI, SOX, Visa-PIN and TR39 assessments
- Manage compliance projects across multiple teams, including operations, security and development, ensuring compliance with regulatory and legal requirements relevant to JCPenney’s business
- Maintain information security and privacy policies
- Develop and implement internal policies and procedures to ensure proper protection of JCPenney’s Information and IT Assets
- Implement, monitor and improve an IT Security Awareness program to raise the collective awareness of the importance of IT Security and security controls.
- Implement and Manage JCPenney’s Security Incidents Response Program
Core Competencies & Accomplishments:
- BA/BS degree in Computer Science or related technical field, or equivalent practical experience.
- Five+ years’ experience leading and managing IT projects and teams
- Knowledge of information security standards, rules and regulations related to information security and data confidentiality on a global perspective – to include PCI-DSS, SOX, NIST, …
- Knowledge of infrastructure and application security principles for risk identification and analysis.
- Experience in third-party IT security management
- Experience leading associate security or privacy awareness programs
- Excellent written, oral, and interpersonal communication skills.
- Ability to present ideas in business-friendly and user-friendly language.
- Highly self-motivated and directed.
- Team-oriented and skilled in working within a collaborative environment.
- CISSP, CISM, CISA, CIPP or similar certifications preferred
- Practical experience in managing Business continuity and/or Incident Response programs preferred
- Experience working with IT technologies such as cloud, big data and mobile preferred
What you get:
We offer a competitive benefits package including medical/dental/vision, term life insurance, paid vacation/holidays, 401(k) Savings Plan with company match, and an associate discount on JCPenney merchandise.
JCPenney proudly serves customers at more than 650 stores across the United States and Puerto Rico, and at the Company’s flagship store, jcp.com. JCPenney is one of the nation’s largest retailers of apparel, home, jewelry, and beauty merchandise with a growing portfolio of private and national brands. Guided by the Golden Rule, JCPenney employs more than 60,000 associates worldwide and has served customers for over 119 years, playing a vital role in the communities it serves. For additional information, please visit jcp.com and follow JCPenney on Facebook, Instagram, and Twitter.
For more opportunities to join our team please visit our careers page.
Job Title: Senior IT Security Risk and Compliance Manager
Location: Plano, TX, United States
Job ID: 1105200
J.C. Penney Company Inc.