Risk Management and Compliance Lead

Job Summary
• The Cybersecurity Governance focus specializes in developing and executing security controls, defenses and countermeasures to prevent attacks or attempts to infiltrate firm email, data, e-commerce and web-based systems. Administers policies to control physical/virtual access to systems. Performs tests to ensure policy compliance; responds to breaches and threats.
Responsibilities

• Leads the management and proactive improvement of HP's security governance, risk management, policies, and operations related to issue resolution, vulnerability/threat analysis and prevention, and security research. Works closely with the enterprise security team, guided by other risk management leaders, to manage compliance and cybersecurity risks at the business unit level.

• Security risk assessments: Performing assessments to identify risks and compliance issues
• Security controls for PRINT organization: Implementing and maintaining security controls to meet regulatory requirements. Driving necessary compliance efforts (ISO, CMMC, FEDRAMP etc..), including access control and cloud compliance across business units for PRINT
• Compliance: Ensuring compliance with internal and external requirements, such as laws, regulations, and industry frameworks
• Leading SOX compliance efforts for PRINT – Access review coordination for SOX ITGC and Business Applications
• Documentation: Documenting and reporting on compliance levels, control failures, and gaps
• Training: Training and guiding other staff on security assessment functions
• Policy and procedure maintenance: Maintaining and proposing edits to policies and procedures
• Risk register: Maintaining a risk register and tracking mitigation efforts  for a subset of business units
• Compliance reports: Generating and providing compliance reports and metrics
• Maintaining digital asset Inventory for PRINT by coordinating with BU security leads and enterprise security team
• Collaborate with risk and control owners to manage the risks to enable business outcomes.

Education & Experience Recommended
• Four-year or Graduate Degree in Computer Science, Information Technology, or any other related discipline or commensurate work experience or demonstrated competence.
• Typically has 10+ years of work experience, preferably in cyber & IT security, or a related field.
Preferred Certifications
• N/A
Knowledge & Skills
• Cybersecurity operations
• Cybersecurity governance
• Cybersecurity policies
• Auditing/ IT Auditing
• Risk management
• Automation
• Risk analysis
• Issue tracking
• Security controls
• Operating systems

• SOX ITGC controls ( Access Management, Change Management, & IT Operations)

• SOX financial reporting

• Risk Assessment

• Control validation

• Security compliance

• CMMC Experience

• ISO Experience

Cross-Org Skills
• Effective Communication
• Results Orientation
• Learning Agility
• Digital Fluency
• Customer Centricity
Impact & Scope
• Impacts large functions and leads large, cross-division functional teams or projects.
Complexity
• Provides highly innovative solutions to complex problems within established policy.
Disclaimer
• This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.

#LI-POST