What are the responsibilities and job description for the Director - Risk and Compliance position at honeywell2-pilot?
When you join Honeywell, you become a member of our global team of thinkers, innovators, dreamers and doers who make the things that make the future. That means changing the way we fly, fueling jets in an eco-friendly way, keeping buildings smart and safe and even making it possible to breathe on Mars. Our employees enjoy access to dynamic career opportunities across a variety of different fields and industries. Are you ready to help us shape the future?
The Director of Risk and Compliance will report directly to the GRC (Governance, Risk, and Compliance) Leader within the CISO organization and is a strategic partner with our Chief Digital Officer. This role is responsible for all aspects of cyber, IT and application risk management, IT compliance, PCI, SOX and policy exceptions across Information Security, IT and the lines of business.
KEY RESPONSIBILITIES
• Manage and lead a multi-level team of employees focused on driving Risk and Compliance programs.
• Implement and maintain a comprehensive Security and IT Risk Management program that aligns with the company-wide enterprise risk management framework.
• Design and implement a risk quantification program for all IT and cyber risks to enable risk-based investments (risk buy-down).
• Manage tracking of identified findings and remediation actions, and provide reporting to leadership.
• Design and implement a cyber and IT controls assessment and assurance process to ensure controls function effectively and efficiently.
• Design and implement an effective policy/security exception process to facilitate and manage requests for non-compliance with policies, standards, and baselines. Enable a multi-tiered approval process based on the risk posture.
• Develop and implement relevant cyber and IT risk metrics and reporting to management and risk committees.
• Oversee the risk register to address risk issues and action plans from all sources, e.g., IT audit, technology risk assessments, vulnerability scans, penetration testing, etc.
• Coordinate information security internal audit and SOX reviews to help represent the company from an information security and technology risk perspective.
• Maintain an up-to-date understanding of emerging trends and techniques in information security risk, in line with overall information security objectives and risk tolerance.