Address
SalaryWe’re Hiring for Sr. Director of IT Controls & Compliance
If you are excited and passionate about helping #LetsSolveWater, consider joining our team today! Xylem, Inc. is a leading global water technology company servicing more than 150 countries and is dedicated to solving the world’s most challenging water issues. We are looking for individuals to join our mission by exceeding customer expectations through smart sustainable solutions. At Xylem, you will have the opportunity to solve water by participating in our paid Volunteer Program, Xylem Watermark!
THE ROLE: The Sr. Director of IT Controls & Compliance provides leadership and guidance for the company’s compliance program regarding all aspects of enterprise technology. The director is responsible for and will establish and maintain the company’s overall technology compliance, while supporting general governance and risk management. The compliance role includes developing and managing a global, enterprise-wide program aligned with established and required frameworks and includes the establishment; cross functional education and communication; monitoring and reporting compliance of IT General Controls. In this role, they will work across IT leadership, functional leadership (Human Resources, Finance) and businesses to establish IT General Controls; assess current state; establish risk based priorities; report Key Performance and Key Risk Indicators monthly; and in collaboration with partners, develop tactical and strategic plans for improvement – driving accountability with leadership across the company. The individual will be responsible for Sarbanes Oxley compliance outcomes, establishing best practices for access management and segregation of duties
The director ensures the company’s technical systems and information assets are protected in accordance with compliance requirements. . It will own the development, initiation and execution of User Access Review (UAR) processes. This includes prioritizing systems based on risk, defining requirements for UAR frequency and testing accuracy. Furthermore, the director is responsible for identifying, evaluating and reporting on information security risks when technological systems and software are not meeting compliance requirements. The director will work in tandem with cybersecurity, enterprise technology, legal and compliance leadership to ensure all technology conforms to the company’s desired compliance and security posture. The position requires a diverse background to understand a variety of systems, including new technologies and legacy systems used by lines of business and vendors.
We offer a full benefits package to include Flexible Time Off (FTO) for salaried positions, health, dental, vision, investment savings plan, and additional miscellaneous benefits.
CORE RESPONSIBILITIES: To perform the job successfully, an individual must be able to perform each essential duty satisfactorily.
- Develop and maintain compliance framework assessment toolkits used in testing and validation procedures.
- Facilitate IT compliance of identified controls, e.g., IT, application, cloud, cybersecurity, etc.
- Work in tandem with Enterprise Information Technology, cybersecurity, corpoprate functions and business leads to incorporate compliance practices and industry standards.
- Cultivate working relationships with technology, compliance, cybersecurity, audit and third-party stakeholders.
- Manage and direct a team of subject matter experts for technology risk, compliance and effective controls.
- Be accountable for and lead assessments for technology infrastructure, applications and third-party dependencies, aligning to regulations, best practices and corporate governance.
- Continuously monitor changes to regulatory requirements, the threat landscape and business impact.
- Steer the program with emphasis around privacy, security, business resiliency and compliance frameworks.
- Partner with internal and external auditors to validate controls for compliance.
- Focus on principles aligned with enterprise risk management fundamentals within security and technology teams to maintain up-to-date configuration documentation for systems and processes.
- Direct compliance teams to document, communicate and enforce security improvements that balance risk with business operations and ensure controls do not weaken efficiencies or business innovation.
- Create, prioritize and manage the yearly scope of technology compliance obligations.
- Identify, document and monitor to closure any gaps when compliance responsibilities are not met.
- Evaluate security controls and opportunities for improvement and communicate recommendations.
- Guide members of the compliance team and provide constructive feedback related to performance.
- Maintain a high degree of knowledge with current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.
- Acquire and retain knowledge including, but not limited to: ITAR, HITRUST, GDPR, Sarbanes-Oxley, PCI, SOC 2, NIST, ISO 27001 and other applicable industry standards.
- Perform other duties as assigned.
QUALIFICATIONS:
- Bachelor’s degree preferred in computer science, information assurance, MIS or related field. Advanced degree not required, but an MBA or master’s degree in information assurance/technology is desirable.
- CISM, CRISC, CISSP preferable, but not required.
- At least 10 years’ experience in cybersecurity and at least five years in compliance, risk management or audit.
- At least five years’ experience managing a distributed team and workforce.
- Capable of working with diverse teams and promoting an enterprise-wide, collaborative security culture.
- Demonstrated leadership experience and thorough understanding of various regulatory requirements and laws such as, but not limited to, PCI, SOX, HITRUST, GDPR and PIPL.
- Proven project leadership with both legacy and emerging technologies to assess and manage business risk and enforce security controls.
- Wide-ranging knowledge in technical infrastructure and applications, from legacy through next generation.
- General knowledge of cloud (AWS, Google Cloud Platform, Azure) security configuration and management.
- Proficient understanding of business focus and processes and the ability to inject cybersecurity compliance into the business through teamwork and influence.
- Ability to maintain a high level of integrity, trustworthiness and confidence to represent the company and security leadership with the highest level of professionalism.
- Excellent project management, personal and organizational skills.
- Ability to remain credible with the team and external constituents through sustained industry knowledge.
DAY IN THE LIFE:
In this role, the working environment is generally in an office setting and may be performed remotely. The physical demands may include but are not limited to moving around in an office environment, frequent oral communication, close vision, and ability to operate office equipment. Up to 5% time spent traveling.
SALARY:
The estimated salary range at this professional level is $146,500.00 to $264,000.00 plus bonus.
Starting pay is dependent on multiple factors, such as skills, experience, and work location, and is not typically at the top of the range. At Xylem we offer a competitive compensation package with a generous benefit package, including Medical, Dental, Vision plans, Wellness programs, 401(k) with company contribution, paid time off, paid parental leave and tuition reimbursement.
At Xylem, we embrace diversity and strive to create avenues where employees feel valued and appreciated through our DE&I initiatives and Employee Resources Groups (ERG). Xylem is proud to be an Equal Employment Opportunity and Affirmative Action workplace. Xylem prohibits discrimination, harassment of any kind and does not discriminate in employment on the basis of race, color, religion, sex or sexual orientation (including pregnancy and gender identity), national origin, political affiliation, marital status, medical conditions or disability, genetic information, age, or other non-merit factors.
Join the global Xylem team today! Xylem is a team creating advanced technology solutions to the world’s water challenges through developing new technologies and services that will improve the way water is used, conserved, and re-used in the future is central to our work. Our products and services move, treat, analyze, monitor, and return water to the environment, in public utility, industrial, residential, and commercial building services settings. Xylem also provides a leading portfolio of smart metering, network technologies and advanced analytics solutions for water, electric and gas utilities.
Disclaimer: The information listed within this job description is designed to indicate the general nature of work expected for this position and shall not be viewed as a comprehensive inventory of all duties, responsibilities, and qualifications required in this position. Employees must be able to perform the essential functions of the position satisfactorily and if requested, reasonable accommodations will be made to enable employees with disabilities to perform the essential functions of their job absent undue hardship. Xylem reserves the right to modify this job description or assign other duties to this position as needed.
