Senior Manager, IT Compliance
Country : USA
State : New Jersey
County : Hudson County
Town : North Bergen
Category : Consulting - Audit
Contract type : Permanent
Availability : Full time
Defined by inclusivity rather than exclusivity, Tapestry embraces the exploration of individuality and invests in helping you grow personally and professionally. Every individual in our global house has the opportunity to make an impact, learn and be part of our growing and unique story.
At Tapestry, we have the freedom to express ourselves and run with our best ideas across Coach, Kate Spade New York, and Stuart Weitzman. We share a profound belief in both our individual and collective potential, and know that with hard work and dedication, anything is possible.
- As a Senior Manager in the IS organization, act as the end-to-end expert for IT-related compliance initiatives: achieve and sustain compliance with regulatory, industry and contractual obligations, and influence related priorities and decisions across the organization.
- Assist in preparing and maintaining clear, detailed and accurate compliance documentation, including process narratives, flow charts, control descriptions, risk and control matrices, test programs, test results, and management responses and remediation plans. Respond promptly to questions and requests for assistance from control owners and business owners.
- Drive consensus on measurable gains in IT compliance and information security practice maturity and measure progress towards them.
- Utilize sound judgment to identify and assess: risk, materiality, adequacy of audit evidence, compensating controls, and significance of findings
- Assess new system and process impacts against compliance controls, and perform spot reviews of select processes/control issues
- Provide regular business-level updates on the state of compliance and security to senior leadership and external stakeholders. Produce metrics showing operational compliance with established best practices.
- Maintain the deficiency dashboard and monitor remediation status. Advise leadership on how to remediate deficiencies and how to capitalize on the investment already made in existing IT internal control systems. Document and report the status of agreed-upon remediation plans, owners and commitment dates.
- Prepare quarterly results decks; evaluate results and remediation plans; and prepare trend analysis.
- Coordinate the timing of audit visits and the timely fulfilment of information requests with our sites and with both audit teams (internal and external). Conduct annual walkthroughs, including coordination with Coach's internal and external auditors.
- Review and maintain the GRC platform and conduct Segregation of Duties (SOD) reviews.
- Lead the annual access validation project across all global systems, both internally and externally hosted.
Security Awareness and Training:
- Develop and maintain a global security awareness program that effectively changes user behaviors
- Ensure that the security awareness program meets applicable global industry regulations, standards, and compliance requirements
- Lead, develop, and execute cybersecurity related awareness activities leveraging a variety of teaching and delivery methods
- Determine the frequency of cybersecurity related awareness activities to achieve the greatest impact and ROI
- Develop, collect, and analyze metrics for awareness campaigns in terms of reach, impact, and change in behavior to determine effectiveness and influence strategy/direction
- Provide project management for the projects under the training and awareness remit: plan, manage and maintain a complex, organization-wide program over the long term.
- Create innovative awareness and training materials, tools and processes
- Develop & provide on-going metrics to measure the success of the security awareness program
- Conduct on-going phishing tests in multiple languages - globally - throughout the year
- Provide regular metrics on phishing test results (passes and failures).
- Develop and maintain a program that delivers follow-up awareness training to users who fail a phishing test.
Third Party Assessments:
- Develop and maintain an active third-party assessment program to validate compliance against applicable security/privacy regulations or guidelines
- Review SOC 1, SOC 2, ISO and other industry-standard assurance reports from third-party vendors
- Ensure vendor compliance and track remediation status
- Prepare customized third party assessment questionnaires & help maintain current compliance documents
Qualifications:
- Bachelor's degree
- Professional certification in compliance standards (e.g. CISA, CISSP)
- Proficiency with risk and control frameworks and process improvement models (e.g. ISO standards, COBIT, COSO, CMM)
- Minimum 6 years' experience managing IT compliance work (SOX and PCI experience is a must)
- Working knowledge of IT systems - ERP systems and financial reporting systems (SAP HANA a plus)
- Working knowledge of GRC & SOD tools (SAP GRC a plus)
- Retail company experience a plus
- High energy level, comfortable performing multifaceted projects in conjunction with day-to-day activities.
- Superior interpersonal abilities: tactful, mature and flexible, and able to work well with diverse personalities.
- Displays initiative and accepts accountability for assigned work under minimal supervision.
- Possess excellent verbal and written communication skills.
- Highly organized with an ability to stay in the detail, and resourceful to work effectively with multiple businesses, multiple audit teams and different time zones.
- Translates compliance and technical requirements into relevant and understandable terms
- Service oriented, yet assertive/persuasive.
- Excellent time management and organizational skills
- Self-motivated individual; action oriented; results driven
Our Competencies for All Employees
- Customer Focus: Is dedicated to meeting the expectations and requirements of internal and external customers; gets first-hand customer information and uses it for improvements in products and services; acts with customers in mind; establishes and maintains effective relationships with customers and gains their trust and respect.
- Creativity: Comes up with a lot of new and unique ideas; easily makes connections among previously unrelated notions; tends to be seen as original and value-added in brainstorming settings.
- Interpersonal Savvy: Relates well to all kinds of people, up, down, and sideways, inside and outside the organization; builds appropriate rapport; builds constructive and effective relationships; uses diplomacy and tact; can defuse even high-tension situations comfortably.
- Learning on the Fly: Learns quickly when facing new problems; a relentless and versatile learner; open to change; analyzes both successes and failures for clues to improvement; experiments and will try anything to find solutions; enjoys the challenge of unfamiliar tasks; quickly grasps the essence and the underlying structure of anything.
- Perseverance: Pursues everything with energy, drive, and a need to finish; seldom gives up before finishing, especially in the face of resistance or setbacks.
- Dealing with Ambiguity: Can effectively cope with change; can shift gears comfortably; can decide and act without having the total picture; isn't upset when things are up in the air; doesn't have to finish things before moving on; can comfortably handle risk and uncertainty.
Our Competencies for All People Managers
- Strategic Agility: Sees ahead clearly; can anticipate future consequences and trends accurately; has broad knowledge and perspective; is future oriented; can articulately paint credible pictures and visions of possibilities and likelihoods; can create competitive and breakthrough strategies and plans.
- Building Effective Teams: Blends people into teams when needed; creates strong morale and spirit in their team; shares wins and successes; fosters open dialogue; lets people finish and be responsible for their work; defines success in terms of the whole team; creates a feeling of belonging in the team.
- Managerial Courage: Doesn't hold back anything that needs to be said; provides current, direct, complete, and "actionable" positive and corrective feedback to others; lets people know where they stand; faces up to people problems on any person or situation (not including direct reports) quickly and directly; is not afraid to take negative action when necessary.