Website: The Clorox Company
- This position reports to the IT Risk and Compliance Manager and works closely with the Director of Global Information Security. The person in this position will be responsible for building and enhancing the GRC portfolio of efforts to raise the overall security and compliance posture for The Clorox Company (Clorox). The qualified candidate will work with cross functional teams and asset owners responsible for cybersecurity controls.
- The candidate must demonstrate a passion for IT risk, compliance, and security, and lead by example in a way that fosters continued growth and technical expertise within the team to reliably achieve objectives, address uncertainty, and act with the integrity expected as part of Clorox core values.
- Responsible for direction and oversight of Identity, Governance and Administration (IG&A) systems, which include, but are not limited to, SailPoint (IIQ), SAP GRC Access Control (AC), and other integrated collections of cybersecurity control capabilities
- Assure compliance across multiple frameworks and regulatory standards including, but not limited to, SOX, Global Privacy Regulations (CCPA/GDPR), FDA, PCI, and others
- Work closely with Functional and Technical Teams to ensure Segregation of Duties (SOD) and critical actions are understood and appropriately built into the business roles
- Monitor and maintain SAP application security policies, standards, guidelines, and procedures that are in alignment with the corporate strategic plan, and support the project teams during the implementation
- Responsible for monitoring, remediation, and reporting of control gaps in the IT and Cybersecurity program areas. Record and track them in a centralized Risk Registry.
- Responsible for implementation of controls to build and enhance the GRC program.
- Responsible for Cybersecurity Risk Assessment Methodology and associated processes, procedures, and guidelines.
- Provide management level status update and risk profile dashboards including current and desired future state of control maturity.
- Extensive knowledge and experience in security and compliance frameworks such as NIST, ISO, SOX, and data privacy protection laws.
- Ability to communicate clearly and concisely in both oral and written forms
- Ability to build relationships with individuals at all levels irrespective of background
- General knowledge of SAP or other ERP systems
- Relevant and current industry certification(s) (CRISC, CISSP, CISM, CISA) are preferred
- Advanced understanding of information security concepts including cloud security and compliance, access controls, disaster recovery, etc.
Qualification & Experience:
- Experience building and developing successful risk management programs.
- Experience working in a global enterprise environment.
- Experience working with and implementing Financial and IT GRC tools and processes.
- 10+ years of experience in IG&A implementation, processes, and practices
- Prior experience as a Security Solution Architect is a plus
Company: The Clorox Company
Vacancy Type: Full Time
Job Functions: Information Technology
Job Location: Durham, North Carolina, US
Application Deadline: N/A