Risk and Compliance Specialist Stericycle
Lake Forest, IL

Job Description

Preferred Education & Experience:

* CISA (Certified Information Security Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control) or CISSP (Certified Information System Security Professional) certifications helpful, but not required
* Experience working with ISO 27001 (or similar) security framework, PCI DSS and CSA CCM standards in operational IT environment required
* Experience applying other security frameworks (e.g., CSF, COBIT), laws and standards (e.g. Sarbanes-Oxley, GDPR, HIPAA) helpful, but not required
* Must be able to work in a collaborative team environment with individuals at appropriate levels of the Company
* Good verbal and written communication, facilitation, and interpersonal skills

Education and Experience required :

* Education equivalent to Bachelor's Degree in Information Technology or the equivalent in related experience; an M.B.A. or M.S. in Information Security is preferred
* Five or more years of experience in a fast-paced professional role.
* CISA (Certified Information Security Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control) or CISSP (Certified Information System Security Professional) certifications helpful, but not required
* Experience with risk analysis tools, technologies and policies. Understanding of Business Impact.
* Strong leadership abilities, with the capability to develop and guide IT team members and operations personnel, and work with minimal supervision.
* Experience working with legal, audit and compliance staff.
* Experience developing and maintaining policies, procedures, standards and guidelines.
* Experience with information security management frameworks, such as International Standards Organization (ISO) 2700x, NIST, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
* Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
* Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
* Project Management or Audit training / certification an asset.

Compliance is adherence to industry, governmental, corporate and third party control requirements. This position will work with the Manager of Security Engineering & the Director of Infrastructure operations to align with business & regulatory requirements & ensure adherence to industry acceptable standards. This role will also maintain internal controls & identify technical compliance gaps and assist Stericycle teams in building remedial actions to address enterprise compliance gaps.

Key Job Activities:

* Oversee Stericycle's IT policies, standards, guidelines and baselines under the direction of Director, IT Risk & Compliance. Manage compliance efforts with applicable regulatory and legal requirements.
* Works with business teams across the global organization to develop and execute the IT Risk Compliance and Risk Management program framework, extending processes as necessary to help business identify information risk and manage mitigation to an acceptable level
* Identify and develop controls needed for the mitigation of risk for IT processes which are not compliant with information security and risk frameworks or legal/regulatory requirements.
* Work with team members within the Risk and Compliance organization in assessing risk, developing appropriate controls and advising on creation of action plans to address gaps.
* Works closely with global business, contract and legal teams to assess proposed terms and conditions, align with appropriate risk profile and provide feedback on changes needed.
* Monitors and manages issues and risk register to ensure risks are accurately represented and actively managed.
* Recognizes opportunities to balance risk and creativity in quickly responding to business opportunities
* Prepares management reports and assists with project management responsibilities within IT Risk & Compliance organization.
* Help ensure compliance with HIPAA, PCI, GDPR, SOX and SOC for Stericycle Business Units. Work with business units to ensure applications and risks are properly classified.