IT Risk and Compliance Specialist
US OH Columbus
The IT Governance, Risk, and Compliance (GRC) Specialist will manage the following:
Information Security risk management
IT Data Privacy compliance
Third party risk management
This position will provide highly skilled technical information security expertise to help reduce risk exposures to Hexion's IT environment, as well as represent the GRC function in cross functional teams.
Based in Columbus, Ohio, Hexion Inc. is the global leader in thermoset resins. Through a broad range of thermoset technologies and specialty products, Hexion serves and supports customers in a diverse range of applications and industries. Hexion materials are found in products that touch nearly every facet of modern living. At Hexion, we believe that leadership begins with integrity, ethics and environmentally sound operations. When you work for Hexion, you are partnering with a company that is not only focused on delivering value but on doing it in a safe, ethical and environmentally responsible manner.
This exciting opportunity is part of Hexion Inc.
Support the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
Maintain the Risk Register. Assess each risk by identifying the potential impact based on a combination of threat, likelihood, and exposure. Coordinate review of existing risks, along with actions, to ensure they are being managed in line with the Risk Management Strategy and Standards.
Keep executive management up to date on the results of the risk assessment and make recommendations for mitigations, or projects, to protect systems or cover potential losses.
Administer system that contains Risk Register and other risk-related information (risk/control matrix, etc.) and train new users of the system.
Assist in the development, creation and maintenance of information security risk processes, policies, and procedures.
Assist in developing proposed treatment plans and facilitate decisions on those treatment plans with risk owners and senior leaders.
Develop best practices for risk management and recommend risk modeling techniques
Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for Hexion's information and technology systems.
Create periodic risk reports, metrics, and presentations that will be distributed to senior leaders, risk owners, and various other stakeholders.
Ensure that security controls are managed and maintained.
Participate in third party risk assessment and management process.
Compliance (Data Privacy, Cyber)
Support the data privacy compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
Liaise with Data Privacy officers to ensure IT compliance with relevant Data Privacy legislation (e.g., GDPR).
Participate in regular audits of IT cyber control effectiveness and process compliance.
Drive continuous improvement of tools and process capabilities in the area of compliance.
Work with Internal Audit and outside consultants as appropriate on required security assessments and audits. Oversee implementation of audit recommendations and provide updates to auditors.
Governance (Policy Management, BC/DR)
Identify policy gaps and recommend relevant policy statements. Ensure existing policies are periodically reviewed and kept current.
Develops and maintains policy to comply with requirements.
Represent the GRC function in cross functional teams
Assess the current adequacy of the business continuity /disaster recovery plans, potential threats to the systems, and then calculate the impact of potential adverse events.
Review BC plans for IT for completeness and accuracy. Participate in annual DR testing.
Participates in the development, adoption and compliance with IT governance framework across all domains.
Perform other duties as assigned to ensure the smooth functioning of the department and maintain the reputation of the organization as a viable business partner.
When required, operate with a high degree of independence regarding project management activities, including development of project plans and budget/resource estimates.
Establish and maintain strong relationships with stakeholders.
Strategic Focus and Direction
Identifies problems in attaining planned goals or work and proposes solutions
Works with customers (internal and external) to understand and meet their needs
Understands and accommodates cultural differences successfully and behaves appropriately for the culture in which he/she is working
Trust and Teamwork
Supports team decisions in word and action outside of the team setting - even if the ideas he/she supported were not chosen by the team
Keeps commitments - Holds self-accountable for assignments and required work product
Communicates directly, honestly, respectfully and in a timely manner to resolve conflict
Displays a positive attitude and willingness to make the necessary effort to accomplish goals
Drives safety culture initiative; ensures understanding of the existing safety policies in the company among employees
Achieve Business Results
Exhibits a sense of responsibility and urgency toward goal accomplishment
Ability to receive feedback and adjust behavior
Achieves results in a manner consistent with the Core Values
5-7 years of advanced IT skills in the areas of Information Security, Risk Management or IT Audit experience and expertise and excellent communication skills
Good understanding of control and risk management frameworks (NIST) and fundamentals, with hands on experience with IT Risk Management systems
Strong project management and executive reporting skills
Bachelor's degree required.
Relevant certifications preferred (CRMA, CRISC, RIMS-CRMP, CISA, CIPP/CIPM)
Fluent language skills in English, both verbal and written
Proficient in Microsoft O365, including Office, Teams and Outlook
Ability to work accurately, with strong time management and organizational skills
Ability to work well with others to accomplish common goals
Good communication skills with the ability to interact with all levels of the organization
Positive attitude and high stress threshold to succeed in a dynamic environment
In order to be considered for this position, candidates are required to submit an application for employment through our career site, be at least 18 years of age, be willing to take a drug test, and submit to a background investigation as part of the selection process, as well as additional periodic background checks as required by the Chemical Facility Anti-Terrorism Standards (CFATS) or regulations adopted by the Department of Homeland Security or other regulatory agencies.
Candidates are required to have unrestricted authorization to work in the United States.
If currently an employee of the Company, you must have current satisfactory work performance and in most cases, have been in your current role 18 months.
Disclaimer: We are not accepting unsolicited assistance from search firms/employment agencies for this employment opportunity. Please, no phone calls or emails to any employee about this position. All resumes submitted by search firms/employment agencies to any employee of the Company via email, the Internet or in any other form and/or method without a valid written search firm agreement in place for this position will be deemed the sole property of the Company; no fee will be paid in the event a candidate is hired by the Company as a result of the unsolicited referral or through other means.
We are an Equal Opportunity, Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to gender, minority status, sexual orientation, gender identity, protected veteran status, status as a qualified individual with a disability or any characteristic protected by law.