Kellogg Governance, Risk Management, and Compliance Director in Oak Brook, Illinois
As a Governance, Risk Management, and Compliance (GRC) Director, you will be responsible for the overall enterprise-wide GRC programs. In this role, you will be responsible for the hands-on design, implementation, and effective management of the programs and the shaping of the security policies, standards, and procedures aligned with the overall cybersecurity strategy and programs. You will provide subject matter expertise and leadership on mature security governance structures and processes, Risk Management process, and contractual, regulatory compliance requirements.
This role requires a combination of a strong GRC background and business acumen to manage relationships between the various business units and IT groups.
HERE’S A TASTE OF WHAT YOU’LL BE DOING
Governance: You will be responsible for designing and leading a comprehensive governance program, including the establishment of security policies, standards, and procedures, taking a risk-based approach to the program design. You will be using the NIST 800-53, 800-171, and ISO 27001 requirements as a guide in the program design. You will work cooperatively with others and solicit input from the various areas of the organization. You will be implementing and managing the governance processes, educating and training the organization on the new governance programs, and measuring and reporting on all aspects of the programs.
Risk Management: You will be accountable for designing a comprehensive cybersecurity Risk Management program to identify, quantify, classify, and manage risks for the organization, working cooperatively with others and soliciting input from the various areas of the organization, and continually educating and training the organization on the new risk management function and how they can participate in and contribute to it. You will drive the identification of security risks and maintain a risk register, including planned mitigations and acceptance. The risk management program will include a vendor risk management function, including working closely with the procurement team and others to evaluate and report on vendors’ risk, and measuring and reporting on all identified risks and the overall security risk management functions. You will also be aligning security risk management with the existing business risk management practices.
Compliance: You will be designing a comprehensive compliance program, including the establishment of security policies, standards, and procedures, taking a risk-based approach to ensure the new program design satisfies the IT business functions as well as the commercial lines of business. You will be using data and privacy requirements such as GDPR and CCPA as a guide in the program design. You will continually evaluate and report on the controls’ design, implementation, effectiveness, and maturity levels, working cooperatively with others and soliciting input from the various areas of the organization. You will guide, educate, and advocate to the organization on the compliance requirements and how each person and department plays a role in maintaining the required compliance, and measure and report on all aspects of the compliance program.
Leadership: You will be serving as the primary subject matter expert and leader on all aspects of compliance, governance, and risk management, providing regular reports to the Chief Information Security Officer (CISO) and, when needed, to other internal or external entities on all aspects of this role’s responsibilities, including adequate metrics on each of the programs. You will be serving as the primary security liaison for internal and external audits and, as needed, representing IT and Security and responding to inquiries from external entities on all matters related to security compliance. You will be making independent decisions or representing leadership at times. You will own the third-party risk evaluation process and any required audits to demonstrate our risk posture and control adherence, manage GRC technology and staffing needs, and manage the assigned budget in line with approved allocations. You will mentor and manage others to increase team competency and continually build a culture of constant improvement and a desire to excel.
YOUR RECIPE FOR SUCCESS
Experience in building and managing compliance and risk management programs, including hands-on control design and effectiveness evaluation.
Strong knowledge and experience in security requirements, standards, and best practices, including NIST CSF, ISO 27001, OWASP.
Background in developing and maintaining security policies, processes, procedures, and standards.
Knowledge of and prior experience in GRC tools/technologies.
Excellent written and verbal communication skills.
Ability to manage across multiple competing priorities and time-sensitive initiatives.
Strong ability to motivate and lead team members, including in a remote/distributed workforce.
Uncompromising personal and professional integrity and ethics.
Bachelor’s degree in computer science, risk management, or equivalent education and related extensive experience.
One or more relevant industry-standard security certifications (such as CISSP, CRISC, or CISM).
It’s best to apply today, because job postings can be taken down and we wouldn’t want you to miss this opportunity. To learn more about what’s next, click on the links below:
Kellogg K-Values (https://www.kelloggcareers.com/global/values.html)
New Hire Benefits Guide
THE FINER PRINT
The ability to work a full shift, come to work on time, work overtime as needed and the ability to work according to the necessary schedule to meet job requirements with or without reasonable accommodation is an essential function of this position.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, ethnicity, disability, religion, national origin, gender, gender identity, gender expression, marital status, sexual orientation, age, protected veteran status, or any other characteristic protected by law.
Where required by state law and/or city ordinance, this employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee’s Form I-9 to confirm work authorization. For additional information, please follow this link (https://e-verify.uscis.gov/web/media/resourcesContents/E-Verify_Participation_Poster_ES.pdf).
If you require a reasonable accommodation in completing this application, please reach out to USA.Recruitment@kellogg.com.
LET’S CREATE THE FUTURE OF FOOD