Control and enforce the development, implementation, and continuous improvement of the North & Latin America Clusters’ IT Compliance Programs (including systems protecting PII, PHI, PCI, and other regulated data).
Enforce compliance standards, policies, and procedures proactively across the organization.
Maintain oversight of key regulatory and industry cyber-security standards (e.g., FDA, NERC CIP, DHS, PCI, HIPAA, PII, EU Safe Harbor, DOT) to anticipate their impact on corporate compliance programs.
Execute all phases of assessments, inquiry preparations, and policy enforcement reviews, including auditing software and IT systems to ensure strict adherence to compliance standards.
Actively assist and guide Business & Functions in assessing, reporting, and responding to audit findings, compliance inquiries, and security incidents within an international manufacturing environment.
Partner with the business to ensure compliance activities are prioritized and fully addressed prior to audit visits.
Control and track open IT audit findings and compliance deficiencies to guarantee prompt resolution and effective risk mitigation.
Evaluate and manage exceptions and risk acceptance requests regarding violations of compliance programs, policies, or standards.
Assess and maintain accurate reporting on compliance posture for functional corporate programs, IT, and Industrial Control Systems (ICS) projects to the Internal Control Team Lead, IPC, and business stakeholders.
Collaborate with the Internal Control Team Lead to deliver coordinated risk and security assessments, actively participating in the creation of risk metrics and strategic roadmaps.
Lead audit and compliance reporting, planning, and review sessions alongside the IT Security Risk Manager to determine the impact of findings and establish concrete management action plans.
Escalate newly identified CyberSecurity compliance issues and critical concerns directly to the Internal Control Team Lead.
Provide strategic, hands-on guidance to corporate and business units on Governance, Risk Management, Compliance (GRC), and CyberSecurity via the Internal Control Team Lead office.
Lead cross-functional initiatives confidently to drive strict compliance and implement process improvements in all compliance areas.
Drive improvements in IT controls and technical solutions to bring greater efficiency and robustness to existing compliance programs.
Research and integrate industry best practices in IT security, risk management, and compliance technologies to keep the entity's standards up to date.
General Requirements
Education:
Bachelor's degree appropriate to risk and compliance management areas or equivalent work experience.
Language Requirements:
Strong English language proficiency is required. [Level: C1/B2]
Knowledge and Skills:
Minimum of 2 years in an IT related role.
Between 2 and 4 years of IT audit experience, preferably in Big 4.
Strong background in IT audit, security assessments and risk based standards programs.
Project management and organizational skills with evidence of success.
Excellent communication and relationship skills; ability to lead, advise or collaborate with a wide range of personnel from engineering technicians to corporate executives.
Excellent verbal and written communication skills.
Personify solid integrity, ethical character traits and strict controls of confidential information.
Sound knowledge of a broad range of IT related processes and concepts.
Experience with GRC tools and PCI compliance is a plus.
Self motivated; ability to achieve objectives with minimal supervision.
IT security or audit certification(s) a plus; examples include CISA (Certified Information Systems Auditor), CRISC (Certified Risk Information Systems and Controls) or PCI (Payment Card Industry) is a plus.
Our Differences make our Performance
At Air Liquide, we are committed to build a diverse and inclusive workplace that embraces the diversity of our employees, our customers, patients, community stakeholders and cultures across the world.
We welcome and consider applications from all qualified applicants, regardless of their background. We strongly believe a diverse organization opens up opportunities for people to express their talent, both individually and collectively and it helps foster our ability to innovate by living our fundamentals, acting for our success and creating an engaging environment in a changing world.