Enterprise IT Risk & Compliance Specialist
at MiTek Industries
MiTek® Industries Inc., a subsidiary of Berkshire Hathaway, Inc., is the world's leading supplier of state-of-the-art, engineered connector products, engineering services, and computer-driven machinery for the building component industry. We provide the industry's most advanced, most comprehensive, and most innovative software for design and manufacturing. Our products and services are backed up by a team of industry professionals who are dedicated to one goal – making our customers successful.
The Enterprise Risk & Compliance Specialist is a detail-oriented, process-focused role that works to ensure that all cybersecurity risk is identified, communicated, and remediated to an acceptable level across the MiTek organization. This role will have considerable experience in objectively evaluating the current state against its context to identify gaps, and in articulating those gaps effectively to stakeholders. This role requires working across multiple work streams and communicating effectively with senior technology leaders and business partners that span multiple lines of business globally.
The Enterprise Risk & Compliance Lead will also work with Project Management throughout the project delivery life cycle to evaluate designs and configurations for compliance with MiTek’s current policies, adopted standards, and any applicable laws or regulations. The role evaluates, revises, and coordinates the effectiveness and delivery of MiTek’s Enterprise Information Security Program to ensure that the workforce is risk aware and compliant with its training and acknowledgment requirements, while regularly reporting the Program’s current status and performance.
- Plans and directs efforts related to monitoring and auditing of risk areas, including establishing standards, processes, and assessment and tracking tools to evaluate compliance with regulations, policies, procedures and internal control processes.
- Analyzes, monitors and audits outcomes to determine operations' compliance with regulatory requirements.
- Identifies potential risk areas, which facilitates an early and appropriate response to potential risks.
- Tracks, monitors, and reports on the implementation of remediation action plans and documents the resolution of any identified regulatory violations.
- Identifies and reports findings, trends, problems and activities that may indicate a need for change in policies, procedures, internal controls, or training.
- Collaborates cross-functionally with other technology teams and the Information Security and Risk Organization.
- Disseminates changes in related regulations or security standards, and the application of such changes to current policies, procedures or processes to appropriate staff.
- Contributes to major organizational initiatives to ensure new systems align with existing policies and compliance requirements.
- Provides senior leadership with comprehensive reports of activities and outcomes, as requested.
- Ensures all appropriate employees and management are knowledgeable of, and comply with, Security Training and Policy Acknowledgement requirements.
- Collaborate with other IT functional leaders to set overall IT direction and deliver projects that span business areas in a cost-effective way that complies with enterprise standards and processes. Team up with peers and business leaders to manage an effective IT governance framework.
- Innovate, plan, evaluate, and improve the efficiency of business processes and procedures to enhance speed, quality, efficiency, and output.
- Establish and maintain relevant controls and feedback systems to monitor the operation of your area(s) of responsibility.
- Foster a spirit of teamwork and unity that allows differing points of view to be shared openly; encourages collaboration, cohesiveness, and support; and deals with conflicting ideas and perspectives in an expeditious and healthy manner.
MiTek is an E-Verify and Drug and Tobacco-Free Workplace. MiTek is an EEO/Affirmative Action Employer. Our organizations do not allow discrimination in hiring/employment decisions based on race, creed, color, veteran status, sex, religion, national origin, age, physical or mental disability, genetic information or any other characteristic protected by law.
- Strong experience leveraging auditing principles and methods to evaluate policies, processes and systems to identify business risks and control gaps
- Experience interpreting and implementing policies and processes to ensure a strong control environment
- Experience in managing compliance programs for technology and information security
- Functional knowledge of how to find vulnerabilities and risks associated with Windows operating systems and Linux operating systems and components, Networking Protocols and equipment, and major application platforms
- Experience with establishing, maintaining, and leveraging a Risk Register to track and communicate identified risk and its required remediation
- Proficiency in necessary productivity tools (such as Microsoft Excel and PowerPoint) for analytics and presentations
- Operate with strong integrity with the ability to handle projects of a sensitive and confidential nature
- Organization - Adequately plan, organize, communicate, and execute an array of activities, from simple tasks to complex projects, to deliver results in a timely and fiscally responsible manner with personal accountability.
- Interactions With Others - Must be a team player who interacts well with other members of IT and other company associates. Must seek out and share information and develop trust and rapport with coworkers at all levels in the organization.
- Oral Communication - Speaks clearly and persuasively in positive or negative situations; Listens and gets clarification; Responds well to questions; Participates in meetings.
- Written Communication - Writes clearly and informatively; Edits work for spelling and grammar; Varies writing style to meet needs; Presents numerical data effectively; Able to read and interpret written information.
- Candidate should possess strong organizational skills, be detail-oriented and self-motivated with a demonstrated ability to problem solve.
- Attendance during regular work hours and flexible hours as business needs permit.
Education: Bachelor's degree in Information Technology or related field, or equivalent experience
- 7+ years’ experience in Risk, Technology, Compliance, Regulatory, Audit, or similar functions
- 4+ years working in Information Security roles involving assessment or audit functions
- CRISC Certification (Current status, or obtained within 6 months of assuming role)
- Experience with Python, PowerShell, Java, JavaScript, JSON, REST, scripting, HTML
- Understanding of trends and regulations to ensure effectiveness and compliance with all regulations, standards, and frameworks (NIST, HIPAA-HITECH, GDPR, etc.)