Lead Governance Risk & Compliance Auditor
Neenah, WI, US, 54956
Full Time Senior-level / Expert USD 103K - 119K
J. J. Keller & Associates, Inc.
J. J. Keller is the trusted source for DOT Transportation, OSHA Workplace Safety, Construction and Human Resources (HR) products and services. Our regulatory experts have years of experience helping companies meet their safety and compliance...
Requisition #: 19753
Functional Area: Contracts/Legal; Audit/Risk/Compliance
Employment Type: Full-Time
Work Options: Remote / Work from Home in the US #LI-Remote
Work Hours: 8:00 am to 5:00 pm
Position Summary
The Lead Governance Risk & Compliance Auditor position is responsible for evaluating conformance of information security safeguards with security and privacy control frameworks, laws, policies, and customer requirements. This position is part of the Risk & Compliance team, segregated from other business units in order to maintain objectivity in its audit oversight role. This position can work onsite at our corporate campus in Neenah, WI, hybrid or fully remote.
Job Responsibilities
- Leads internal and external audits and risk assessments for SOC 2 Type II, ISO 27001, PCI-DSS and other standards. Evaluates suitability of security measures to protect company information, recommends improvements, and issues deficiency notices as needed. Evaluates, monitors, and consults on resulting corrective action plans and remediation efforts.
- Coordinates and manages the completion of penetration tests with external consultants and internal resources, and the development, implementation, and monitoring of related corrective action plans, and distribution of resulting reports to interested parties.
- Develops and reviews policies, guidance, and training for information security, and provides consulting services promoting overall achievement of corporate security objectives and compliance with regulatory and customer requirements.
- Maintains security incident response plans and metrics. Leads evaluation of security incident reports, and execution of incident response efforts, including task management, resource coordination, after action reviews, and incident documentation. Participates in business continuity efforts by leading annual security incident tabletop exercises, generating a post-exercise review, and by driving preparation of business impact assessments.
- Advises and assists with achieving compliance with federal and state privacy and information security laws, including California Consumer Privacy Act (CCPA).
- Assesses information security and privacy practices of vendors/suppliers to ensure company requirements are being met.
- Reviews and advises legal team on information security requirements in proposed customer and vendor contracts.
- Advises on and responds to customer requests for information about the company’s security strategy and practices.
- Evaluates external environment trends in threats, technology, security, and compliance. Recommends changes to risk profile, policies, procedures, and other guidance. Produces and performs information security training for associates. Promotes company awareness of information security.
- Triages security policy exceptions. Evaluates and consults on the business risks and proposed compensating controls. Follows up on approved exceptions as they approach expiry.
Qualifications
Experience
- 5+ years' experience in an information/data security role.
- Experience with SOC 2 Type II, ISO 27001, and privacy frameworks, designing controls, and auditing to the frameworks.
- Experience addressing security and compliance terms in commercial contracts.
- Experience completing security questionnaires and evaluating vendor assessments.
- Experience using GRC tools, such as AuditBoard.
Education
- Bachelor’s degree in computer science, information security, or related field.
- CISSP, CRISC, CISM, GIAC, and/or CEH certification preferred.
Other Skills/Qualifications
- Outstanding interpersonal, written and verbal communication and presentation skills.
- Strong analytical, problem-solving, and conflict management skills.
- A curious, courageous, and practical mindset that can balance compliance with ethical and business needs.
- Eager to gain a comprehensive understanding of the business.
- Ability to work cross-functionally, with many teams, including sales, infrastructure, security, and product teams.
- Ability to influence and lead business partners and supporting teams.
- Knowledge of risk management concepts, such as risk appetite/tolerance, risk mitigation, compensating controls, etc.
Physical Requirements
Work is performed primarily in a standard office environment. Work involves operation of personal computer equipment for extended periods of time.
We Protect People & The Businesses They Run™
Every associate at J. J. Keller makes a difference by creating safer, more respectful workplaces. Whether serving our customers directly with expertise in safety and regulatory compliance or supporting the business with specialized skills, together we contribute to better workplaces for people across North America.
J. J. Keller History: November 1, 2023, marked 70 years of business for J. J. Keller & Associates, Inc., a family-owned business spanning three generations, from its founding as a one-man consulting firm through decades of delivering on its purpose of protecting people and the businesses they run.
J. J. Keller Career Stories: hear from our associates about life as an associate at J. J. Keller.
J. J. Keller Earns 8th Great Place to Work Certification™.
J. J. Keller Certified as a Top 100 Most Loved Workplace® in America.
2024 Top Company for Women to Work for in Transportation.
J. J. Keller provides a competitive benefit package which includes the following (eligibility requirements apply): Medical, Dental, and Vision Insurance, 401(k) and Profit Sharing Plan, etc. The compensation range for this role is $103,000.00 to $119,410.00 which varies depending on factors including, but not limited to, a candidate’s overall experience and geographic location. Note that J. J. Keller is not currently recruiting employees to work in California.
If you experience system-related issues or need assistance with the online application, please call (920) 720-7700.
Professional Referral Program: Not the right role for you, but know someone who could be a great fit? Refer them to us through our Professional Referral Program and you will earn a cash payment if your referral is hired.
J. J. Keller & Associates, Inc. is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.