Information Security Risk and Compliance Auditor jobs in United States

The Kraft Group & Affiliates · 12 hours ago

Information Security Risk and Compliance Auditor

The Kraft Group & Affiliates is seeking an Information Security Risk and Compliance Auditor responsible for building and implementing compliance programs and policies. The role involves collaborating with various departments to enhance security awareness and ensure adherence to regulatory standards.

Sports

Responsibilities

Establish and manage a compliance calendar for training and attestations. Identify and coordinate the delivery of IT security training and awareness for both technical and non-technical audiences
Document and communicate policies and procedures as they relate to IT security and risk management to all key stakeholders. Establish and maintain a repository of policies and procedures for internal constituents' use
Leverage organizational risk assessment to develop and refine ongoing processes and deliverables to improve IT security and compliance. Work collaboratively with external partners on ad hoc risk assessments to focus on specific areas of concern and deliverables. Document and archive vendor risk assessment reviews and attestations
Partner with the business unit leadership on standards and regulations, such as PCI DSS, EU GDPR, FDA CFR or new business initiative needs to ensure compliance and completion of any filings or attestations. Act as an advisor to associates and management on specific security requirements, implementations and the impact on business processes, applications and systems as needed
Assist in data protection program initiatives
Communicate identified security risks to appropriate parties to ensure a clear understanding of the risks as well as potential mitigations
Provide a monthly report on the status of any compliance activities and remediation efforts. Circulate these findings to key stakeholders
Remain current and a functional expert in security practices and IT security regulatory compliance
Special projects and assignments as business dictates
Responsible for the maintenance, creation and control of all personally identifiable information or any other information protected by any Confidentiality or Privacy Standards or Company Policies that you have access to or knowledge of, including but not limited to any state or federal regulations including HIPAA

Qualification

Information security, Risk management, Compliance, CISA certification, CISSP certification, CISM certification, Analytical skills, Communication skills, Organizational skills, Attention to detail

Required

Bachelor's degree in an information technology related field, management information systems, or business administration
4-6 or more years of experience in information security, governance, IT audit, or risk management
Strong understanding of security governance, compliance, and risk management principles
Analytical ability to assess risks, adequacy of controls, and impact upon business processes
Strong written and verbal communication skills with all levels of management
Must have attention to detail and focused concentration
Must be able to make timely decisions in the context of the workflow
Must possess strong organizational skills, ability to multi-task and responsiveness
Must be able to adhere to process protocol and must be able to apply established protocols in a timely manner

Preferred

CISA or similar certification preferred
CISSP or CISM certification preferred
COBIT or related IT audit experience preferred

Company

The Kraft Group & Affiliates

In 1965, Robert Kraft graduated from the Harvard Business School and began laying the foundation for starting companies based on working with customers in a highly personalized way.

Funding

Current Stage
Late Stage

Leadership Team

Eileen Casey
Chief Tax Officer
Joey Cohen
Partnerships Coordinator
Company data provided by crunchbase