Sr. IT Risk Management and Compliance Specialist jobs in United States

The Lubrizol Corporation · 2 weeks ago

Sr. IT Risk Management and Compliance Specialist

The Lubrizol Corporation is a specialty chemical company focused on delivering sustainable solutions. They are seeking a Sr. IT Risk Management and Compliance Specialist to enhance their global Information Security program, manage risks, conduct internal audits, and ensure compliance with regulations.

Chemical, Information Technology, Manufacturing, Medical, Medical Device

Responsibilities

Execute the IT Risk Management processes to identify, assess, evaluate, and treat risks, ensuring the global impact and importance of Lubrizol's Information Security program
Recommend and implement Risk Management, Compliance, and Governance Programs process improvements to enhance the effectiveness and efficiency
Facilitate and conduct technology and operational risk and compliance assessments to identify potential risks and ensure compliance with internal policies and external regulations
Respond to and support risk assessments or audits from external and internal customers, providing necessary documentation and addressing inquiries to ensure compliance and risk mitigation
Partner with technical teams, advising on applicable control requirements and proposing potential solutions to address identified risks, fostering a secure and compliant environment
Conduct compliance assessments of controls for in-scope systems, including remediation assessments and audit-readiness assessments, to ensure adherence to IT policies and standards
Identify control deficiencies and maintain records of deficiency details, including management response documentation and evidence of exposure checks, to track and address areas for improvement
Collaborate on the 3rd Party Risk Management program, managing and mitigating risks associated with third-party relationships
Maintain and improve the Information Security Policy Set, ensuring that policies are up to date, aligned with industry best practices, and effectively communicated to employees
Provide insight and recommendations to leadership as part of a global information security team, contributing to strategic decision-making and continuous improvement efforts
Perform other information security activities as needed to support the overall objectives of the Information Security program at Lubrizol

Qualification

Risk Management, Information Security, Compliance Auditing, Third Party Risk Management, CISA Certification, CISM Certification, CRISC Certification, ISO Standards, NIST Standards, Operational Risk, Cybersecurity Threat Analysis, GRC Tools, Analytical Skills, Problem-Solving Skills, Communication Skills, Project Management, Continuous Learning

Required

Bachelor's degree in Information Technology (IT), Information Security or a related field
Minimum of 3 years of relevant industry and professional experience in areas such as risk management, audit, third-party risk, operational risk, information security, or related fields
Practical knowledge of third-party risk management, including the ability to assess and manage risks associated with external vendors and partners
Solid understanding of security domains, including identity and access management, authentication, encryption, application security, network security, vulnerability and patch management, information security metrics, policies, standards, and procedures
Experience with ISO and NIST security standards
Expertise in tracking and analyzing emerging cybersecurity threats, risks, and trends
Proficiency in Microsoft Windows-based operating systems and collaboration tools
Demonstrated understanding of risk management processes, including the ability to identify, assess, evaluate, and treat risks
Knowledge of basic IT security principles, networking concepts, Active Directory, and SAP ECC/S4 concepts
Familiarity with risk management frameworks, such as ISO 31000 or COSO ERM
Ability to resolve issues via undocumented methods through research and investigation
Experience in documenting issues and solutions to assist end users and co-workers
Strong analytical and problem-solving skills
Knowledge of regulatory compliance requirements, such as GDPR, HIPAA, or SOX
Familiarity with data privacy and protection principles
Experience with conducting risk assessments and developing risk mitigation strategies
Proficiency in using risk management tools and software, such as GRC (Governance, Risk, and Compliance) platforms or risk assessment software
Understanding of incident response and business continuity planning
Knowledge of cloud computing security principles and best practices
Strong project management skills
Excellent communication and presentation skills
Continuous learning mindset

Preferred

CRISC (Certified in Risk and Information Systems Control)
CISM (Certified Information Security Manager)
CISA (Certified Information Systems Auditor)
Operational knowledge of a risk management system, such as AuditBoard, RSA Archer or ServiceNow IRM
Experience with CIS (Center for Internet Security) benchmarks and controls

Benefits

Competitive salary with performance-based bonus plans
401K Match plus Age Weighted Defined Contribution
Competitive medical, dental & vision offerings
Health Savings Account
Paid Holidays, Vacation, Parental Leave
Flexible work environment

Company

The Lubrizol Corporation

The Lubrizol Corporation, a Berkshire Hathaway company, is a science-based company whose specialty chemistry delivers sustainable solutions to advance mobility, improve well-being and enhance modern life.

Funding

Current Stage: Late Stage
Total Funding: unknown
2011-03-15: Acquired

Leadership Team

Rebecca Liebert: President and CEO
Keith Corkwell: President, Lubrizol Additives
Company data provided by crunchbase