This job is closed
We regret to inform you that the job you were interested in has been closed. Although this specific position is no longer available, we encourage you to continue exploring other opportunities on our job board.
Endo International - Malvern, PA
posted 2 months ago
About the position
The Director of Information Technology Risk, Governance, and Privacy at Endo is responsible for developing and executing the Information Security Risk Management Program. This role involves transforming the enterprise risk management framework and aligning risk management strategies with organizational goals. The director will oversee the creation and maintenance of the IT risk management framework, ensuring compliance with legal and regulatory requirements while collaborating with various departments to protect the company's data and assets.
Responsibilities
- Refine and lead the IT Third Party Risk Program, including periodic reassessment of incumbent vendors.
- Configure security tools used in the risk assessment program.
- Integrate privacy considerations into vendor risk assessment scoring criteria.
- Develop and implement risk management policies, processes, and tools.
- Lead the design, implementation, and operational support of IT security controls, audit corrective action programs, and procedures.
- Identify controls policies and recommend risk-mitigating solutions for process gaps.
- Effectively communicate residual risk to senior stakeholders.
- Advise management on high-priority risks and controls gaps.
- Influence others and develop effective company-wide relationships across all areas of compliance, audit, and information technology.
- Collaborate with cross-functional teams to identify, assess, and mitigate risks.
- Lead the development and collection of key performance metrics (KPIs).
- Cultivate capabilities of junior IT security team members.
- Contribute to enterprise compliance and governance programs across cross-functional process areas and support corporate strategic objectives.
- Monitor adherence to ensure effective work relationships and business goal realization.
Requirements
- Bachelor's degree in Business, Information Technology, Computer Science, or a related field preferred.
- Minimum of 8 years of Risk Management experience required.
- 8+ years of audit, control, and compliance in technology processes supporting risk management initiatives across security functional areas.
- Strong knowledge of IT security control concepts.
- Excellent written and verbal communication skills and collaboration skills.
- Possesses strong stakeholder management skills.
- Ability to develop and implement effective IT risk management and security strategies.
- Experience working with Privacy, Legal, Audit, Compliance, Information Technology, and Human Resources departments.
Nice-to-haves
- Relevant certifications such as CISSP, CISM, CRISC, and CERP are preferred.
