Director, Information Security GRC (Remote)

REMOTE, NC, US, REMOTE


Salary:  $165,000 - $205,000 + bonus eligible (commensurate with experience)

 

Who We Are

Compass Technology is a dedicated internal team for Compass Group delivering enterprise-wide initiatives that support our diverse customer base and enhance our business operations. 

 

Our domain encompasses a vast spectrum of opportunities, from hands-on desk support to Cybersecurity, Cloud Engineering, AI, and Modern Application development. We are committed to building robust IT infrastructures, driving digital transformation, and much more. 

 

Compass Group is the leading foodservice management and support services company, with $26 billion in revenue in 2023.

 

In 2023, Compass Group was named one of Forbes’ America’s Best Large Employers, along with Springbuk’s Healthiest 100 Workplaces in America (since 2019).

Job Summary

The Director, Information Security GRC will have the skills necessary to protect organizations from cyber threats and manage information security risk. One of the most important skills for a Director, Information Security GRC is an in-depth knowledge of cybersecurity technologies, networking protocols, and risk management strategies. This knowledge is necessary to help consult on initiatives, programs, and projects to raise the standard in Information Security and Risk Management. You are pragmatic and practical in your understanding of risk and security, but also know when to pull in experts and advance. Additionally, the role works with external vendors to ensure they are current on the latest security trends and technologies. This role is also responsible for coordinating our PCI compliance program and plays a vital role in M&A Cyber risk assessments.


Preferred candidates will have expertise with NIST 800-171 and CMMC.


The Director, Information Security GRC will report directly to the Sr Director GRC & Audit.


Job Description:

  • Provide professional supervision and guidance to the BISO and Information Risk Office. Influence clients and sectors to demonstrate the technology portfolio solutions that adopt the agreed security solutions.
  • Lead Information Security Risk Assessments related to M&A, particularly post-acquisition activities prior to full integration, ensuring all immediate security requirements and remediations have been addressed.
  • Provide oversight and leadership for the Third-Party Risk Management program. Find opportunities with existing processes and implement agreed upon improvements.
  • Lead the PCI Compliance program and a small group of PCI certified analysts. Provide support with audits where PCI compliance is needed.
  • Provide direct support capability to implement a CMMC program.
  • Support the CIRO with fiscal management, planning, and budgetary requirements of the department.
  • Strong fundamental understanding of technical security solutions and how they address customer risk exposure and solve key use cases.
  • Provide support for our GRC platform technology and look for ways to leverage this technology to mature processes and improve customer outcomes.
  • Work with line of business leadership to anticipate their objectives and needs to better serve the line of business.
  • Support the OCISO, CD, CT management client satisfaction at all phases of the client relationship. Provide ad hoc support on special Information Security hot topics for the business.
  • Implement and execute the vision set by security leadership. Provide leadership feedback for strategic direction.
  • Deliver both technical and management debriefs, up to executive level.
  • Establish and maintain relationships with external organizations and authorities to facilitate secure sharing of information.
  • Stay current with emerging regulatory and compliance requirements and continuously assess their impact on Compass Group; work with senior leaders to ensure that any impacts and the associated work to remain compliant are included in Technology roadmaps.

Key Qualifications:

  • Minimum of 5 years’ experience leading information security programs and applying information security, risk management and privacy practices.
  • A minimum of 5 years practical experience designing and implementing enterprise information technology security; demonstrates industry leading security innovation skills and an eye towards understanding the threat environment from a preventative posture.
  • 1+ years leading an M&A Cyber Risk function.
  • Strong demonstrated knowledge of enterprise systems, cloud solutions and IT/security technologies.
  • Experience with IT auditing, risk analysis, business system resumption planning, and contingency planning.
  • Risk management experience as it relates to information security.
  • Experience working with global teams based in Canada, Europe, Asia, and the United States.
  • Bachelor’s and/or master’s degree in Computer Science, Cyber Security, Information Technology, Risk Management, or related field.
  • At least one of the following active certifications: CISSP, CRISC, CISM or equivalent.
  • 5+ years of cross-discipline Information Security/Information Technology experience.
  • Broad knowledge of common standards, frameworks, and regulatory requirements (HIPAA, PCI, etc.).
  • Willingness to work on a problem to completion in a fast-paced environment.
  • Willing and able to innovate and create novel solutions to complex challenges.
  • Direct experience with regulatory compliance reviews and examinations.
  • Project and program management skills.
  • Excellent leadership and collaboration skills.

 Apply to Compass Group today!


 

Compass Group is an equal opportunity employer.  At Compass, we are committed to treating all Applicants and Associates fairly based on their abilities, achievements, and experience without regard to race, national origin, sex, age, disability, veteran status, sexual orientation, gender identity, or any other classification protected by law.

Qualified candidates must be able to perform the essential functions of this position satisfactorily with or without a reasonable accommodation. Disclaimer: this job post is not necessarily an exhaustive list of all essential responsibilities, skills, tasks, or requirements associated with this position. While this is intended to be an accurate reflection of the position posted, the Company reserves the right to modify or change the essential functions of the job based on business necessity. We will consider for employment all qualified applicants, including those with a criminal history (including relevant driving history), in a manner consistent with all applicable federal, state, and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, and the New York Fair Chance Act. 

 

Compass Technology maintains a drug-free workplace.

 

Applications are accepted on an ongoing basis.

 

Associates at Corporate are offered many fantastic benefits.

  • Medical
  • Dental
  • Vision
  • Life Insurance/ AD
  • Disability Insurance
  • Retirement Plan
  • Paid Time Off
  • Holiday Time Off (varies by site/state)
  • Associate Shopping Program
  • Health and Wellness Programs
  • Discount Marketplace
  • Identity Theft Protection
  • Pet Insurance
  • Commuter Benefits
  • Employee Assistance Program
  • Flexible Spending Accounts (FSAs)

Associates may also be eligible for paid and/or unpaid time off benefits in accordance with applicable federal, state, and local laws. For positions in Washington State, Maryland, or to be performed Remotely, click here for paid time off benefits information.

Req ID:  1392943

Compass Technology

Michelle Lombardozzi


Tags: Audits BISO CISM CISSP Cloud CMMC Compliance Computer Science CRISC HIPAA NIST Privacy Risk analysis Risk assessment Risk management

Perks/benefits: Career development Flex hours Flex vacation Health care Insurance Salary bonus Team events Wellness

Regions: Remote/Anywhere North America
Country: United States
