Papa John's - Louisville, KY

posted 22 days ago

Full-time - Senior
Louisville, KY
Food Services and Drinking Places

About the position

The Information GRC Manager at Papa John's is a pivotal role within the global information security team, focusing on security, risk, and compliance. This position is designed for a proactive leader who will enhance the organization's security program by identifying and mitigating security risks, ensuring compliance with regulations, and implementing effective security controls. The role requires a deep understanding of information security principles and risk management frameworks, making it ideal for someone looking to make a significant impact in the field.

Responsibilities

  • Leading risk assessments to identify security risks across business functions, products, and systems.
  • Developing and overseeing a risk register and ongoing risk treatment lifecycle, including exceptions.
  • Providing SOX subject matter expertise for testing of all IT Sarbanes-Oxley controls and acting as a liaison between audit and business personnel.
  • Conducting and maintaining a risk register to identify key business processes and associated systems, risks, and dependencies.
  • Implementing control benchmarking utilizing current CIS tools.
  • Working with the CISO to develop and manage end-to-end cyber disaster recovery testing and documentation.
  • Developing or maintaining global information security policies and standards.
  • Creating and maintaining Information Security Policies, Standards, and Procedures for global teams.
  • Developing and maintaining security awareness training and phishing simulations for team members.
  • Developing security requirements, guideline documentation, and communication for Franchisees.
  • Ensuring compliance with all applicable Payment Card Industry Data Security Standard (PCI DSS) requirements across all payment channels.
  • Generating annual Report on Compliance (ROC) and Attestation of Compliance (AOC) for each applicable channel.
  • Staying informed of the latest legal, compliance, and regulatory changes that impact the organization and assessing for compliance with evolving requirements.
  • Evaluating, monitoring, and communicating with new and current IT vendors to ensure they maintain minimum thresholds for cybersecurity.
  • Fostering relationships with management across various functions including Internal Audit, Legal, and Technology.

Requirements

  • Strong understanding of information security principles.
  • Experience with risk management frameworks.
  • Knowledge of compliance requirements, particularly PCI DSS and SOX.
  • Excellent organizational skills.
  • Ability to communicate effectively with various stakeholders.

Nice-to-haves

  • Experience with cloud-based solutions and PCI compliance.
  • Familiarity with CIS tools for control benchmarking.
  • Previous experience in a similar role within a large organization.

Benefits

  • Competitive salary range of $110K - $139K per year.
  • Opportunities for professional development and training.
  • Comprehensive health insurance options.