Summary

Job title: IT Policy and Compliance Manager

Job ID: 202496210005

Department: Operations/IT Service Center

Location: TX-Irving

Description

Summary:

Consolidated Electrical Distributors Inc. is seeking an experienced IT infrastructure manager to lead its IT governance and compliance programs. The successful candidate will have experience and subject matter expertise in the areas of:

• IT Policy, governance, and program documentation and management

• Frameworks (NIST CSF, ISO:27001 & 2, PCI DSS, NIST 800-171)

• IT infrastructure and administration

• Cyber security & IT risk management

• IT policy and procedure audits

The IT Policy and Compliance Manager will assist IT leadership in developing and implementing policies, processes, standards, and guidelines to ensure compliance with industry norms and company goals. The role will use current industry frameworks and best practices to accomplish these objectives.

In this dynamic role, you'll serve as a subject matter expert and thought leader in the areas of IT compliance, risk management, and organizational governance. To be successful, you will need to collaborate with IT and business leaders and advocate at all levels of the organization.

In this role, you will be a member of CED’s cyber incident response team on an as-needed basis, serving as a supplementary resource to CED’s primary response team. Your expertise will be called upon to assist in effectively managing and resolving incidents, ensuring a coordinated approach to safeguarding our digital environment.

Reports to: Manager, Information Security

Minimum Qualifications:

• Bachelor's degree in computer science, information technology or related fields

• 10+ years of experience in a variety of IT disciplines, including IT networks and firewalls, identity management/Active Directory systems, desktop support, email systems, storage technologies, and backup and recovery technologies.

• 1-3 years of experience participating in compliance, audits, and related frameworks

• General awareness and exposure to a diverse set of cyber security technologies, tools, and services including: anti-malware, authentication/identity management, remote access, encryption, backup/recovery, client and server firewalls, network segmentation, SIEM, Web filtering, SPAM prevention, vulnerability assessment, and forensic investigation

• Experience in cyber-security incident management

• Experience conducting and documenting business process analysis, gap analysis and risk assessments

• Excellent verbal and written communication skills

• Strong IT project management experience; and ability to organize multiple work tasks and prioritize them to meet specific deadlines

• High level of proficiency to read, write and communicate orally the English language, especially IT technical terms and concepts

• Advanced math skills including addition, subtraction, multiplication, division, percentages, ratios, discounts/multipliers, and probabilities

• Ability to use Microsoft Word, Excel, Outlook

ADDITIONAL COMPETENCIES:

• Excellent communications and problem-solving skills; ability to interface with different levels of leaders within and external to CEDs IT department to coordinate and accomplish compliance initiatives

• Strong organizational and analytical skills; with ability to get into the details

• Ability to organize multiple work tasks and prioritize them to meet specific deadlines

• Ability to remain calm in a variety of situations

Preferred Qualifications:

• Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications

• ITIL certified

• 5 years of IT Management experience

Working Conditions:

• This position operates in a professional office environment, which may require sitting for extended periods.

• Requires occasional after-hours work

• Some travel via airplane

Supervisory Responsibilities: Yes

Essential Job Functions:

• This role is responsible for developing, evolving, and administering programs and initiatives related to the achieving CED’s IT department governance and compliance goals. Examples include:

• IT/cyber risk management program

• Compliance audit programs (such as PCI, ISO 27001, etc)

• Information security programs

• IT Vendor management program

• This role will take a leadership role in assisting other IT groups to develop and maintain policy documentation, perform compliance audits, and monitor status of remediation efforts for programs such as:

• Identity and Access Management (IAM) program

• IT Asset Management program

• Data classifications program

• Vulnerability management program

• Software and SaaS licensing programs

• IT business continuity programs, including digital assets preservation and recovery programs

• Effectively communicate, promote, and provide training on IT policies, standards and guidelines

• Identify, implement and maintain processes and tools to support compliance responsibilities

• Monitor, using audits and risk assessments, CED’s compliance with IT programs, policies, and standards

• Provide input on budgets and monitor expenses for compliance programs

• Manage vendor relationships and contracts related to areas of responsibility

• Identify and prioritize initiatives that support areas of responsibility

• Coordinate with other departments and stakeholders to accomplish compliance goals and assist with monitoring the status of remedial efforts

• Collaborate with Legal, Internal Audit and Loss Control departments to ensure a comprehensive approach to compliance across the organization.

• Assess the risk associated with CED’s IT systems, and evaluate the controls to mitigate those risks. Communicate findings to business and IT leaders, as appropriate.

• Assist in the performance and supervision of activities associated with forensic investigations including the collection and preservation of IT systems information, logs, data files, etc.

CED is an Equal Opportunity Employer - Disability | Veteran

Benefits:

Benefits available for this position are:

• Insurance - Medical, Dental, Vision Care for full-time positions

• Disability Insurance

• Life Insurance

• 401(k)

• Paid Sick Leave

• Paid Holidays

• Paid Vacation