Manager of Technology and Security Compliance (Finance)
Together We Innovate. Together We Change Looking to support a Fortune 200 company's compliance strategy, mission, frameworks and roadmap while maintaining the security and integrity of IT systems and data? If you have a bachelor's degree or equivalent experience along with eight plus years of security control selection and validation, assessments and a system accreditation, auditing or technology architecture, we want to speak with you! We are currently looking for a Manager of Technology and Security Compliance to join our Enterprise Technology group in Richmond, VA. We are open to a remote work arrangement but periodic travel to Richmond, VA and working EST hours is required. The Manager will serve as a part of the cybersecurity team, partnering closely with Business Information Security Officers and the broader IT Risk Management team. The Security Controls and Compliance team focuses on preparing systems for audits through pre-audit testing, control validation, and supporting control owners in document creation to ensure the delivery of high-quality security compliance and audit results, delivering outstanding IT compliance strategies to accomplish goals. This position will support the creation or revision of policies and standards to ensure traceability with security and compliance standards. Collaborating, briefing and aligning regularly with internal and external partners in a fast-paced environment that delivers business value and enables the achievement of compliance objectives is key. What you will be doing:
Partnering with control owners to build, update, and implement controls across applicable domains (AI, PII, SOX, PCI, HIPAA, etc.).
Developing and revising compliance architecture & strategy to support technology alignment with company's business strategy
Managing pre-implementation SOX control assessments and compliance engagements
Working closely with system owners, developers, and IT teams to ensure controls are implemented effectively throughout the SDLC; support annual testing of controls
Conducting security assessments and building Security Assessment Reports (SAR) of security controls to determine their effectiveness in protecting systems and data
Establishing and maintaining compliance standards, patterns and guidelines that optimize Altria's business operations
Building and overseeing the usage of compliance and controls metrics and dashboards, driving a value approach to utilization across portfolio delivery, and briefing senior leaders
Partnering with Corporate Audit and audit liaison functions to support delivery of artifacts to internal and external auditors and minimize findings
Drafting and updating policies and standards that align with industry and regulatory requirements or standard methodologies.
We want you to have:
Bachelor's degree or equivalent experience in an IT-related subject area
8+ years of experience in the information technology field specializing in security control selection and validation, assessments and a system accreditation, auditing or technology architecture.
Demonstrable proficiency with current IT technologies.
Knowledge and hands-on experience with NIST 800-series guidelines (e.g. Risk Management Framework (RMF) 800-37, continuous monitoring 800-137), Security Assessment & Authorization (SA&A) requirements and processes, Continuous Monitoring Framework experience and its tools, Plan of Action & Milestones (POA&M) policies, and vulnerability/patch management, risk management, project management
Knowledge and experience with of industry specific compliance standards (e.g. Sarbanes-Oxley (SOX), SEC, HIPAA, PCI DSS, etc.) as they pertain to information systems and testing of associated controls.
Familiarity with vulnerability and scanning tools and proficient in interpreting risk posture resulting from assessment reports. Experience in project management and tracking, and the Microsoft suite of office products.
High proficiency with documenting and or reviewing security materials such as; system security plans (SSP), Security Assessment Report (SAR), Security Assessment Plan (SAP), and other documents per NIST 800 guidelines.
The starting salary is based on but not limited to experience, knowledge, and qualifications in determining compensation decisions. The Salary Range for this position is: $116,200.00 - $168,400.00. We deliver a market-competitive, equitable pay with a Total Reward program that includes:
Annual performance incentive based on individual and company performance
Competitive Medical, Dental, and Vision insurance to support you and your loved ones
Flexible Work Environment to include vacation and generous holidays
Deferred Profit-Sharing Plan (401K) with matching contributions on day 1, including a yearly company contribution
Paid Paternity and Maternity Leave
Employee Recognition Awards
Student Loan Assistance
To learn more about How to Support you and your Loved Ones, Work-Life Balance, and Invest into your Future, visit our additional benefits at Benefits (altria.com)