Security, Risk and Compliance Manager

HQ Louisville


What’s Unique About You Is What Makes Us Better! Diversity is our strength and competitive advantage. Bring your flavor to the Papa John's team today!

Job Summary

As the Information Security Governance, Risk and Compliance (GRC) Manager, you will be a critical part of the Papa John's global information security team. We are looking for a thought leader in security, risk, and compliance to join us and expand our overall security program. You will assist the information security team in identifying, assessing, and mitigating security risks, ensuring compliance with relevant regulations and industry standards, and implementing effective security controls across the organization. This role requires a strong understanding of information security principles, risk management frameworks, and compliance requirements. If you are a proactive self-starter looking for a role that will allow you to roll up your sleeves and implement meaningful change, this could be the perfect fit!

Role Responsibilities

  • Lead risk assessments to identify security risks across business functions, products and systems; develop and oversee the risk register and the ongoing risk treatment lifecycle, including exceptions; provide SOX subject matter expertise for testing of all IT Sarbanes-Oxley controls and act as liaison between audit and business personnel.
  • Build and maintain the risk register, identifying key business processes and their associated systems, risks, and dependencies.
  • Implement control benchmarking using current CIS (Center for Internet Security) benchmarks and tools.
  • Work with the CISO to develop and manage end-to-end cyber disaster recovery testing and documentation.
  • Develop and maintain global information security policies, standards and procedures for global teams.
  • Develop and maintain security awareness training and phishing simulations for team members.
  • Develop security requirements, guideline documentation and communications for franchisees.
  • Ensure the organization maintains current compliance with all applicable Payment Card Industry Data Security Standard (PCI DSS) requirements across all payment channels.
  • Generate the annual Report on Compliance (ROC) and Attestation of Compliance (AOC) for each applicable channel.
  • Be extremely well versed in PCI DSS for cloud-based solutions and effectively communicate how the internal security teams, development teams, and infrastructure technologies and processes meet compliance.
  • Proactively stay informed of the latest legal, compliance and regulatory changes that impact the organization and assess for compliance with the continuously evolving requirements.
  • Evaluate, monitor and communicate with new and current IT vendors to ensure they are maintaining minimum thresholds for cybersecurity.
  • Foster relationships with management, across a range of functions including Internal Audit, Legal and Technology.

Everybody loves pizza, which means they also love the people who are behind the scenes working to deliver it. This is complex and challenging work – but let’s face it – it’s also pizza! If you want a fulfilling career with a company that’s always moving forward, we’re the right place.

Papa John's is a Federal Contract employer that participates in E-Verify to confirm employment eligibility for each new team member; the E-Verify and Right to Work posters are available in English and Spanish. Papa John's is an Affirmative Action and Equal Opportunity Employer.


Tags: CISO Cloud Compliance PCI DSS Risk assessment Risk management SOX

Perks/benefits: Career development

Region: North America
Country: United States
