Supervisor, Information Security - GRC

Tijuana South - TJS, Mexico

By living according to a common set of values, we create a culture that unifies, embraces the uniqueness we all bring to the company, and positions Integer for long-term success.

At Integer, our values are embedded in everything we do.

Customer

We focus on our customers’ success

Innovation

We create better solutions

Collaboration

We create success together

Inclusion

We always interact with others respectfully

Candor

We are open and honest with one another

Integrity

We do the right things and do things right

Accountabilities & Responsibilities:

  • Adheres to Integer’s Values and all safety, environmental, security and quality requirements including, but not limited to: Quality Management Systems (QMS), Safety, Environmental and Security Management Systems, U.S. Food and Drug Administration (FDA) regulations, company policies and operating procedures, and other regulatory requirements.
  • Manage a team of GRC Analysts and Senior Analysts which includes hiring and training employees, monitoring and motivating staff, and the overall development of associates under this position.
  • Cross-Functional Support: Provide support and guidance to associates from multiple local teams in security, including providing coaching, training, and development opportunities, as well as helping to resolve conflicts or issues that may arise across teams.
  • Manage the development, implementation, and coordination of the Information Security Risk Management Program
  • Manage the development, implementation, and coordination of the risk and compliance of third-party vendors and suppliers
  • Assess, report and mature the compliance posture for regulatory and contractual requirements as well as internal policies and guidelines
  • Manage, promote, and monitor the Information Security training and awareness program
  • Provide subject matter expertise related to DFARS, ITAR, SOX, and other information security regulations.
  • Track assigned information security risks through the risk management process including risk identification, analysis, decision making, treatment planning and tracking.
  • Establish and maintain metrics and KPIs to track program progress as well as the current state of defenses and protections
  • Prepare internal and external audit evidence.
  • Lead projects as assigned to enhance Integer compliance capabilities.
  • Maintain proficiency with applicable laws, regulations, and standards.
  • Draft and maintain compliance documents (e.g. policies, standards, procedures, etc.).
  • Define, document, and maintain infrastructure configuration standards according to industry benchmarks
  • Conduct and coordinate Business Impact Analysis on critical portions of the business in support of DR and BCP
  • Perform Information Security Program maturity self-assessments and recommend changes and new initiatives
  • Develop, implement, maintain and enforce data classification and protection standards
  • Performs other duties as required.

Education & Experience:

  • Minimum Education: Bachelor’s Degree in Computer Science, or equivalent (10+ years) work experience.
  • Minimum Experience: 6+ years of experience with IT Security Governance, Risk, and Compliance; Experience in a publicly-held IT organization preferred
  • Requirement to speak, read AND write in English with a minimum of 85% proficiency

Knowledge & Skills:

  • Special Skills:
    • Understanding of how to quantify risk and express these risks in business terminology.
    • Understanding of security configuration of different infrastructure technologies.
    • Skill in managing and responding to regulatory audits such as DFARS, SOX, etc.
    • Skill in deploying and managing a security awareness training regimen. 
    • Skills in developing and maintaining relevant security KPIs and metrics.
    • Skills in developing and maintaining security policies, standards, and procedures.
    • Effective business consulting skills including the ability to establish rapport with the business.
    • Superior organizational and communication skills.
    • Highly proficient oral and written communication capabilities as well as executive presentation abilities.
    • Proficient with MS Office Tools
    • Experience with vendor relations
    • Project Management
    • Budget Management
  • Specialized Knowledge:
    • CISSP or similar security certification preferred. In addition, CISSP-ISSEP, CISA, CRISC, and ITIL ITSM Foundation are desirable.
    • Working knowledge of security framework models such as NIST CSF, ISO 27000 series, COBIT, etc.
  • Other:
    • Displays the highest standard of integrity (demonstrated by an unblemished career history, complete lack of criminal convictions, etc.), and is willing to undergo vetting and/or personality assessments to verify, if necessary.
    • Travel 0-15% of time depending on business needs.

U.S. Applicants: EOE/AA Disability/Veteran

Category: Compliance Jobs

Tags: Audits CISA CISSP COBIT Compliance Computer Science CRISC DFARS Governance ISO 27000 ITIL KPIs Monitoring NIST Risk management SOX

Perks/benefits: Career development Travel

Region: North America
Country: Mexico
