Audit and Compliance Project Manager
Freeport, ME, United States
"At L.L.Bean, we believe the outdoors brings out the best in all of us. We are committed to fostering a culture of diversity and creating safe, inclusive spaces where everyone feels welcome—both here and Outside. We value individual differences and are dedicated to maintaining an inclusive work environment where everyone can bring the best of their experience and talents and truly thrive."
L.L.Bean is looking for an Audit and Compliance Project Manager to join our Cybersecurity Team.
We welcome the opportunity for this role to be hybrid based at the corporate headquarters in Freeport, Maine, or to be based remotely in the following states: Colorado, Connecticut, Florida, Georgia, Illinois, Indiana, Kansas, Maine, Maryland, Massachusetts, Michigan, Minnesota, New Hampshire, New Jersey, New York, North Carolina, South Carolina, Ohio, Pennsylvania, Rhode Island, Vermont, Virginia, Wisconsin.
Position Purpose: As a core member of the Governance, Risk, and Compliance (GRC) Team, this position plays a key role in planning, organizing, communicating, project managing, and reporting on IS GRC compliance-related audits and assessments. The role supports GRC, Business, and IT Leadership by developing and maintaining PCI, NIST, and L.L.Bean policy compliance documentation and processes in partnership with peers and manager.
Responsibilities:
Supports the review, distribution, and compliance of internal and external IT policies.
Conducts effective PCI audit planning, including identifying evidence or control gaps, remediation activities, and projects; manages and works with the PCI Qualified Security Assessor (QSA).
Communicates upward, downward, and outward with an informative, helpful, service-based mindset to manage timely audit and assessment evidence collection and control testing.
Supports the IS Compliance documentation and process repositories and continually revisits them for opportunities to improve communications or efficiency.
Ensures communication is maintained with business areas throughout the duration of an assessment or audit, and that observations are presented appropriately to GRC and IS Sr. Leadership.
Reports on all PCI and Compliance project portfolios to the GRC team and leadership.
Manages potential GRC Compliance contract project management staff, including project assignments and administration of contractors, and manages relationships with organizations such as the PCI Security Council.
Prepares professional, well-documented reporting throughout and at the conclusion of every audit or assessment engagement.
Follows up on open audit recommendations to communicate reminder deadlines and offer support where needed.
Independently manages workload and provides regular updates on progress against plan.
Assists in identifying and prioritizing audit risk areas during development of the annual audit plan by working with the GRC Risk and Security Operations teams.
Develops and maintains business relationships with leadership in assigned service units and/or business units.
Provides feedback and makes recommendations to continuously improve department procedures and work standards.
Ensures that audit and assessment procedures and process documentation stay current, including managing the Compliance Team tools for accurate reporting and management.
Assumes additional related responsibilities as requested.
Health and Safety Requirement: Every employee is responsible for contributing to a safe and healthy workplace. Employees are expected to be active participants in health and safety by following all safety policies and procedures, reporting unsafe conditions or at-risk behaviors to leadership, and conducting work in a safe manner. Those in a leadership role are also expected to model safe behaviors, evaluate risk, and ensure that risks are reduced to acceptable levels.
Education Level: 4-Year Bachelor's Degree
Years of Experience: 4+
Skills and Qualifications:
BS/BA in Management, Accounting, Finance, or another related field, or equivalent
4+ years of security, compliance, and/or audit experience
Certifications (not required): PCIP, ISA, NIST, SOX, etc.
Familiarity with frameworks: PCI, NIST Cybersecurity, NIST Privacy, State Privacy Laws, CIS v8, etc.
Excellent computer skills
Excellent oral and written communication skills
Production- and results-oriented
Strong business acumen
General IT acumen
Demonstrated team-building skills
"If you care about the outdoors, joining L.L.Bean is a great way to feel good about what you do. Our benefits package makes a good thing even better, with programs and perks designed to support your health and financial goals. Plus, maintaining a healthy work-life balance and re-charging outside are all part of the plan.
If your experience looks a little different from what we've identified and you think you'd be great at this role, we'd love to learn more about you! At L.L.Bean, we believe the outdoors brings out the best in all of us. We strive to reflect this every day in our commitments to employees and partners and in our efforts to promote diversity, equity, inclusion, and sustainability."