Senior Manager of Technology and Security Compliance (Finance)
Together We Innovate. Together We Change Want to ensure that technology initiatives and operations are compliant with applicable laws, regulations, and standards, while also maintaining the security and integrity of IT systems and data for a Fortune 200 Company with some of the most iconic brands? If you have a bachelor's degree or equivalent experience along with ten plus years of experience specializing in security control selection and validation, assessments and a system accreditation, auditing or technology architecture, we want to speak with you! We are currently looking for a Senior Manager of Technology and Security Compliance to join our Enterprise Technology group in Richmond, VA. We are open to a remote work arrangement but periodic travel to Richmond, VA and working EST hours is required. The Sr. Manager will serve as a part of the cybersecurity team, partnering closely with Business Information Security Officers and the broader IT Risk Management team. The Security Controls and Compliance team focuses on preparing systems for audits through pre-audit testing, control validation, and supporting control owners in document creation to ensure the delivery of high-quality security compliance and audit results, delivering outstanding IT compliance strategies to accomplish goals. This role will support the creation or revision of policies and standards to ensure traceability with security and compliance standards. The role shall manage a strategic roadmap and processes. Collaborating, briefing and aligning regularly with internal and external partners in a fast-paced environment that delivers business value and enables the achievement of compliance objectives is key. What you will be doing: • Partnering with control owners to build, update, and implement controls across applicable domains (AI, PII, SOX, PCI, HIPAA, etc.) • Developing and revising compliance architecture & strategy to support technology alignment with company's business strategy • Managing pre-implementation SOX control assessments and compliance engagements • Working closely with system owners, developers, and IT teams to ensure controls are implemented effectively throughout the SDLC; support annual testing of controls • Partnering with Enterprise Architecture to address gaps for architectural standards • Establishing and maintaining compliance standards, patterns and guidelines that optimize Altria's business operations • Crafting metrics that measure effectiveness and compliance. Crafting and overseeing the usage of compliance and controls dashboards, briefing senior leaders • Working with Corporate Audit and audit liaison functions to support delivery of artifacts to internal and external auditors and minimize findings • Drafting and updating policy and standards that align to industry and regulatory requirements or standard methodologies • Attending change control and architectural reviews, evaluate SOX and compliance impacts due to changes We want you to have: • Bachelor's degree or equivalent experience in an IT-related field. • 10+ years of experience in the information technology field specializing in security control selection and validation, assessments and a system accreditation, auditing or technology architecture • Proven proficiency with current IT technologies. • Knowledge and hands-on experience with NIST 800-series guidelines (e.g. Risk Management Framework (RMF) 800-37, continuous monitoring 800-137), Security Assessment & Authorization (SA&A) requirements and processes, Continuous Monitoring Framework experience and its tools, Plan of Action & Milestones (POA&M) policies, and vulnerability/patch management, risk management, and project management, • Knowledge and experience with of industry specific compliance standards (e.g. Sarbanes-Oxley (SOX), SEC, HIPAA, PCI DSS, etc.) as they pertain to information systems and testing of associated controls. • Familiarity with vulnerability and scanning tools and proficient in interpreting risk posture resulting from assessment reports. • High proficiency with documenting and or reviewing security materials such as; system security plans (SSP), Security Assessment Report (SAR), Security Assessment Plan (SAP), and other documents per NIST 800 guidelines. In this role, you are responsible for leading a team. People Leaders play a fundamental role in bringing Altria's Employment Brand to life and creating an exceptional employee experience. As a People Leader at Altria, you are responsible for the performance, capability and engagement of your team. Some examples of specific responsibilities aligned to People Leader expectations include:
Establish and effectively communicate Vision, strategies and how each employee's work aligns
Identify, select, develop and allocate skills, behaviors and talent needed to meet business needs
Embrace diverse perspectives, appreciate differences and foster a culture of inclusion
Build trusting relationships by being authentic, transparent and providing radical candor
Provide and receive timely, constructive, specific and actionable performance and career feedback and coaching
The starting salary is based on but not limited to experience, knowledge, and qualifications in determining compensation decisions. The Salary Range for this position is: $128,700.00 - $196,200.00.We deliver a market-competitive, equitable pay with a Total Reward program that includes:
Annual performance incentive based on individual and company performance
Competitive Medical, Dental, and Vision insurance to support you and your loved ones
Flexible Work Environment to include vacation and generous holidays
Deferred Profit-Sharing Plan (401K) with matching contributions on day 1, including a yearly company contribution
Paid Paternity and Maternity Leave
Employee Recognition Awards
Student Loan Assistance
To learn more about How to Support you and your Loved Ones, Work-Life Balance, and Invest into your Future, visit our additional benefits at Benefits (altria.com)