Compliance Manager, Information Security

About the role

Kontoor Brands is a portfolio of three of the world's most iconic lifestyle, outdoor and workwear brands: Wrangler®, Lee® and Helly Hansen®. Kontoor Brands is a purpose-led organization focused on leveraging its global platform, strategic sourcing model and best-in-class supply chain to drive brand growth and deliver long- term value for its stakeholders. Job Posting: Information Security Compliance Manager Kontoor Brands, Inc. (KTB) is a global lifestyle apparel company with a portfolio of some of the world's most iconic brands: Wrangler and Helly Hansen. We design, manufacture, and distribute superior high-quality products that look good, fit right, and are crafted with sensitivity to our planet to give people around the world the freedom and confidence to express themselves. Our global community of more than 15,000 employees fosters a culture of integrity, collaboration, performance, and entrepreneurial spirit. We are looking for inclusive, humble, creative, and forward-looking employees with a passion for creating innovative apparel products, accessories, and solutions that are both meaningful and purposeful for consumers and employees. Job Title: Information Security Compliance Manager The Information Security Compliance Manager will report to the Director of Security Governance and develop IT compliance programs focused on SOX, PCI and Privacy regulations; oversees assessments and collaborates with cross-functional teams to maintain a strong compliance posture. Coordinates work of GRC analysts and cross functional IT teams to perform required reviews (access, Segregation of Duties, etc.), ensures processes are in place to address Privacy operations and provides requirements for data protection program.

Responsibilities

• Support Controller of Accounting & Reporting to develop and supply requirements for SAP GRC Rules (including mitigating controls) to IT IdAM Operations
• Performs or oversees information security assessment/analysis, mitigation and remediation. Advise in implementing solutions and mitigation plans for control deficiencies; regulatory and compliance gaps and make recommendations for process efficiencies.
• Conducts ongoing security compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions.
• Partners with Information Security Awareness to oversee, develop and provide compliance training to the workforce. Educate and coach internal Technology teams on technology risk, audit, and control principles.
• Ensures timely completion of User Access, Privileged Access and Segregation of Duties and other control reviews.
• Collaborate cross-functionally with teams including Legal, Privacy, Internal Audit, IT Risk Management, IT Security, external consultants and auditors on assessments, process improvements, documenting standards and procedures, and ensuring deadlines are achieved.
• Support IT risk, audit, and compliance reporting via consolidated dashboards to aid in executive management decision making process. Identify and report metrics to IT leadership on monthly basis
• Maintain current knowledge of appliable global, federal, and state information security laws and accreditation standards.
• Maintain required administrative processes such as meetings, training, budgeting, status reporting, etc.
• Oversees work of GRC analysts to ensure timeliness and accuracy
• Skills for Success:
• Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives across multiple departments.
• Ability to identify risks associated with business processes, operations, information security programs and technology projects.
• Ability to develop working relationships with the business, and a broad understanding of business processes to translate technical issues into business-related decision points.
• Strong critical thinking and analytical skill.
• Ability to drive tasks forward with limited direction.
• Exceptional communication and presentation skills with diverse audience.
• Experience/Education:
• InfoSec certifications including CISSP, CISA, and CISM are desired
• Bachelor's degree in an IT, Information Security or Audit related field of study, or equivalent experience
• Working in information security and/or IT audit  Experience as a PCI Qualified Security Assessor (QSA) is preferred
• Working knowledge of key industry standards and security regulatory frameworks (SOC 1, SOC 2, SOX, PCI, COBIT 5, ISO, NIST, etc.) is desired
• Practical experience supporting Sarbanes-Oxley (SOX) compliance
• Experience working in a company using SAP (knowledge of Access Management/GRC within SAP)
• Experience in a global retail environment is preferred
• Drive privacy impact analysis, record of processing activities, with applications and data management solutions
• Working knowledge of EU, US and other regional Privacy and Financial regulations
• Leadership Competencies Expected for this Role
• Evolving Leader
• Global Agili

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at kbi? Share your experience