Are you ready to drive cybersecurity compliance and governance strategies for a Fortune 200 Company with some of the most iconic brands? If you have a passion for risk management, a strong background in IT compliance, and the ability to thrive in a fast-paced environment, we want to hear from you! We are currently seeking a Manager of Risk, Compliance, and Governance to join our Enterprise Technology group. While this role offers the flexibility of remote work, you will have the opportunity to collaborate with teams in Richmond, VA, and occasional travel to the area will be required.
The role will play a pivotal role in ensuring the delivery of high-quality security compliance and audit results, supporting SOX control owners/operators, and driving the execution of IT compliance strategies that align with organizational goals.
In this role, you will partner closely with Corporate Audit, Business Information Security Officers, and the broader IT Risk Management team. You will be responsible for conducting annual assessments, overseeing disaster recovery governance, and collaborating with corporate audit teams to ensure compliance with policies and standards. Your ability to build strong relationships with internal and external partners, deliver business value, and enable the achievement of compliance objectives will be key to your success.
What you will be doing:
• Partnering with control owners to build, update, and implement controls across applicable domains (AI, PII, SOX, PCI, HIPAA, etc.).
• Assessing compliance framework & strategy to support technology alignment with company’s business strategy.
• Establishing and maintaining disaster recovery (DR) governance, ensuring on-going completeness and accuracy of disaster recover documentation (e.g., DR plans and procedures)
• Validating business impact assessments of all applications in the Altria environment for disaster recovery
• Serving as a liaison for steady-state SOX control assessments.
• Working closely with Security Controls and Compliance team to ensure controls are implemented or modified effectively throughout the SDLC for in-scope SOX systems/tools; support annual testing of controls.
• Conducting technical controls, compliance and resiliency assessments to determine effectiveness in protecting systems and data.
• Establishing and maintaining compliance standards, patterns and guidelines that optimize Altria's business operations.
• Building and overseeing the usage of compliance and controls metrics and dashboards, driving a value approach to utilization across portfolio delivery, and briefing senior leaders.
• Partnering with Corporate Audit and audit liaison functions to support remediation of internal and external auditors' management action plans and minimize findings.
We want you to have:
• Bachelor’s degree or equivalent experience in an IT-related subject area
• 8+ years of experience in the information technology field specializing in security control selection and validation, assessments and a system accreditation, auditing or technology architecture.
• Demonstrable proficiency with current IT technologies.
• Knowledge and hands-on experience with NIST 800-series guidelines (e.g. Risk Management Framework (RMF) 800-37, continuous monitoring 800-137), Security Assessment & Authorization (SA&A) requirements and processes, Continuous Monitoring Framework experience and its tools, Plan of Action & Milestones (POA&M) policies, risk management, and project management
• Knowledge and experience with of industry specific compliance standards (e.g. Sarbanes-Oxley (SOX), SEC, HIPAA, PCI DSS, etc.) as they pertain to information systems and testing of associated controls.
• Experience in project management and tracking.
• Proficient in Microsoft suite of office products, include power automation tools.
• High proficiency with reviewing security materials such as; system security plans (SSP), Security Assessment Report (SAR), Security Assessment Plan (SAP), and other documents per NIST 800 guidelines.
The starting salary is based on but not limited to experience, knowledge, and qualifications in determining compensation decisions. The Salary Range for this position is: $116,200.00 - $168,400.00.
We deliver a market-competitive, equitable pay with a Total Reward program that includes:
- Annual performance incentive based on individual and company performance
- Competitive Medical, Dental, and Vision insurance to support you and your loved ones
- Flexible Work Environment to include vacation and generous holidays
- Deferred Profit-Sharing Plan (401K) with matching contributions on day 1, including a yearly company contribution
- Paid Paternity and Maternity Leave
- Employee Recognition Awards
- Student Loan Assistance
- To learn more about How to Support you and your Loved Ones, Work-Life Balance, and Invest into your Future, visit our additional benefits at Benefits (altria.com)
This position is not eligible for sponsorship.
