Manager, Governance Risk and Compliance (GRC)
IN-EVANSVILLE, US
Berry Global, Inc
Berry Global, leaders in plastic packaging manufacturing, process & sustainable product innovation & design.
Overview
Harnessing the strength in our diversity and industry-leading talent of 40,000+ employees across more than 240+ global locations, we develop, design, and manufacture innovative products with an eye toward the circular economy. At Berry Global, we believe in the extraordinary power of people and their unique talents, experiences, and perspectives that help shape a shared future of innovation, inspiration, and influence. Every employee at Berry Global has the opportunity to make their mark on our company and the world around us. Together, we champion a people-first culture that cultivates individual growth, diversity, and collaboration, unleashing our collective strengths to forge a path to greater success for our company, people, and planet. For more information, visit our website, or connect with us on LinkedIn.
As Manager, Governance Risk and Compliance (GRC), you will be a hands-on people leader responsible for our security governance, risk, and compliance programs in a technology-driven organization. Partnering with our technology, business and legal teams, you will play a key role in influencing the organization’s cybersecurity posture through assessing and driving remediation of security risks and ensuring compliance with relevant frameworks and contracts. Your technical expertise with security frameworks and their application to people, processes, and technology will be crucial in ensuring that security posture aligns with industry best practices.
Responsibilities
· Lead and manage all aspects of applicable cybersecurity audits, such as scope definition/validation, audit readiness, walkthroughs, evidence collection, and liaising with external auditors
· Drive adoption of relevant security compliance requirements through thorough analysis and prescriptive guidance
· Define and lead security risk management processes, leveraging automation and partnering with stakeholders to perform hands-on risk assessments
· Oversee the policies and standards lifecycle process to ensure they address all relevant cybersecurity requirements
· Define and lead third-party risk management efforts, establishing a process to support both customer and vendor assessments
· Proactively identify compliance gaps through continuous monitoring, working closely with control owners to identify ways to effectively monitor compliance posture through automation
· Document and report identified security or compliance issues and work with control owners on remediation requirements, strategy, and execution, providing recommendations that can be reasonably adopted
· Regularly monitor remediation activities for noted findings, and escalate on remediation plans that are at risk of being overdue
· Develop and maintain security reporting to provide real-time and on-demand compliance status
· Maintain an up-to-date understanding of emerging trends in information security risks; apply new techniques and trends, in line with overall information security objectives
Qualifications
· 6-8+ years of experience in a technology audit, security risk management, and/or security compliance role, with at least 2-4 years implementing or auditing compliance with key cybersecurity standards (e.g., SOX, ISO 27001, SOC2, etc.) in a diverse and global technology IT environment
· Experienced with cloud infrastructure technologies and services (e.g., AWS, GCP, Azure) as well as various enterprise SaaS solutions
· Ability to effectively manage a team while also providing hands-on support as needed
· Experienced with the implementation and/or use of control automation and compliance tools
· Excellent organizational skills, proactive and self-sufficient with a proven ability to work independently to effectively prioritize and execute tasks
· Drive, determination, and the ability to overcome roadblocks and initial objections
· Strong project management skills
· Ability to work collaboratively with multiple stakeholders across different backgrounds and skill sets
· Strong written, verbal communication, and presentation skills.
· BS/BA in a related field (e.g., Business Administration, Computer Science, MIS) desirable, or equivalent relevant experience
· Security-related or cloud-related certifications such as CISM, CISA, CISSP, etc. are a plus
Tags: Audits Automation AWS Azure CISA CISM CISSP Cloud Compliance Computer Science GCP Governance ISO 27001 Monitoring Risk assessment Risk management SaaS SOC 2 SOX Strategy