Risk Management and Compliance Lead

Description -

Job Summary
• The Cybersecurity Governance focus specializes in developing and executing security controls, defenses and countermeasures to prevent attacks or attempts to infiltrate firm email, data, e-commerce and web-based systems. Administers policies to control physical/virtual access to systems. Performs tests to ensure policy compliance; responds to breaches and threats.

Responsibilities

• Leads the management and proactive improvement of HP's security governance, risk management, policies, and operations related to issue resolution, vulnerability/threat analysis and prevention, and security research. Works closely with the enterprise security team, guided by other risk management leaders, to manage compliance and cybersecurity risks at the business unit level.

• Security risk assessments: Performing assessments to identify risks and compliance issues
• Security controls for PRINT organization: Implementing and maintaining security controls to meet regulatory requirements. Driving necessary compliance efforts (ISO, CMMC, FEDRAMP etc..), including access control and cloud compliance across business units for PRINT
• Compliance: Ensuring compliance with internal and external requirements, such as laws, regulations, and industry frameworks
• Leading SOX compliance efforts for PRINT – Access review coordination for SOX ITGC and Business Applications
• Documentation: Documenting and reporting on compliance levels, control failures, and gaps
• Training: Training and guiding other staff on security assessment functions
• Policy and procedure maintenance: Maintaining and proposing edits to policies and procedures
• Risk register: Maintaining a risk register and tracking mitigation efforts  for a subset of business units
• Compliance reports: Generating and providing compliance reports and metrics
• Maintaining digital asset Inventory for PRINT by coordinating with BU security leads and enterprise security team
• Collaborate with risk and control owners to manage the risks to enable business outcomes.

Education & Experience Recommended
• Four-year or Graduate Degree in Computer Science, Information Technology, or any other related discipline or commensurate work experience or demonstrated competence.
• Typically has 10+ years of work experience, preferably in cyber & IT security, or a related field.

Preferred Certifications
• N/A

Knowledge & Skills
• Cybersecurity operations
• Cybersecurity governance
• Cybersecurity policies
• Auditing/ IT Auditing
• Risk management
• Automation
• Risk analysis
• Issue tracking
• Security controls
• Operating systems

• SOX ITGC controls ( Access Management, Change Management, & IT Operations)

• SOX financial reporting

• Risk Assessment

• Control validation

• Security compliance

• CMMC Experience

• ISO Experience

Cross-Org Skills
• Effective Communication
• Results Orientation
• Learning Agility
• Digital Fluency
• Customer Centricity

Impact & Scope
• Impacts large functions and leads large, cross-division functional teams or projects.

Complexity
• Provides highly innovative solutions to complex problems within established policy.

Disclaimer
• This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.

#LI-POST

Job -

Schedule -

Shift -

Travel -

Relocation -

Equal Opportunity Employer (EEO) - 

HP, Inc. provides equal employment opportunity to all employees and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, citizenship, sexual orientation, age, disability, or status as a protected veteran, marital status, familial status, physical or mental disability, medical condition, pregnancy, genetic predisposition or carrier status, uniformed service status, political affiliation or any other characteristic protected by applicable national, federal, state, and local law(s).

Please be assured that you will not be subject to any adverse treatment if you choose to disclose the information requested. This information is provided voluntarily. The information obtained will be kept in strict confidence.

If you’d like more information about HP’s EEO Policy or your EEO rights as an applicant under the law, please click here: Equal Employment Opportunity is the Law Equal Employment Opportunity is the Law – Supplement