Responsible for administering the day to day IT compliance function within the IT department. Primarily responsible for facilitating contact and coordination with internal/external audit and managing IT policies and standards in support of general IT and organizational information security practices.
KEY DUTIES/RESPONSIBILITIES:
• Partners with stakeholders to ensure appropriate processes, procedures, and controls are adequately designed and implemented to meet IT compliance requirements and mitigate any associated risks.
• Coordinates the execution of annual ITGC SOX and Payment Card Industry Data Security Standard (PCI DSS) audits with both external and internal auditors, by overseeing audit activities, providing evidence to fulfill audit requests, monitoring remediation of audit findings, and communicating deficiencies and recommendations for remediation to the Manager, IT Risk & Compliance.
• Collaborates with IT business partners to define and review IT policies and supporting procedures/processes. Conducts periodic reviews and updates of IT policies and standard operating procedures (SOPs) to ensure they remain current, and assists in the development of SOPs for specific areas within IT.
• Monitors the effectiveness of IT controls and identifies/communicates any gaps in compliance. Establishes and maintains a set of IT controls for SOX compliance, ensuring that monthly, quarterly, and annual controls within the IT environment are completed. Tests, reviews, and documents findings from these controls.
• Performs other related duties, tasks and responsibilities as required, assigned and directed.
QUALIFICATIONS:
Education - Bachelor's degree (or equivalent), preferably in Computer Science, Information Systems, Business Administration, or related field.
Experience - 3+ years of experience in Information Security, Corporate/Risk Governance, Compliance, Audit, or related areas.
Skills/Knowledge/Abilities
• GRC experience with a strong understanding of how to design and execute compliance activities.
• Experience in developing security policies and procedures.
• Experience with security and compliance standards such as SOX, PCI DSS, SOC, etc.
• Strong communication and organizational skills, ability to multitask, strong attention to details, excellent problem solving and follow-up skills required.
• Highly developed interpersonal style with emphasis on influencing and building strong long-term relationships across functions.
• Excellent written and oral communication skills.
• Ability to excel in a fast paced cybersecurity environment.
• Certification as CIA, CISA, PCIP, CISSP, or CISM.
• Demonstrates integrity and ethical behavior.
Physical Requirements: - Ability to hear/speak clearly in person and on the telephone. Ability to operate a personal computer.
The range for this position is $98,600 - $138,200 and is based on an employee located at our corporate headquarters in San Diego. If the candidate is hired in a different city to work remote, we may apply a geographic pay differential based on the cost of labor in the market in which the employee resides.
REASONABLE ACCOMMODATION: Jack in the Box, Inc. and its affiliates will make reasonable accommodations to allow a qualified individual with a disability to enjoy equal employment opportunities and to perform the essential functions of the job. This position description should be applied accordingly. This description of duties is not intended to be all-inclusive or to limit management’s discretion to assign other duties or responsibilities as necessary.