This job has expired

Manager - IT Compliance

Tiffany & Co.
Parsippany, New Jersey, United States
Closing date
31 Mar 2023

View more

Full Time

Job Details

This role will own the execution and improvement of the company's Information Security Compliance Program. The primary focus of this role will be to supervise, test and ensure compliance to the Company's Information Security Standards as well as applicable regulatory requirements. They will identify, analyze, and report on areas of non-compliance within information systems and infrastructure assets and provide guidance to business decision-makers with development of mitigation strategies. They will ensure that adequate and effective security processes and controls are followed and aligned to deliver compliance with security policy and regulatory requirements.


IT General Controls Program:
  • Maintain the IT Financial Audit and Compliance Program for financial systems
  • Ensure IT Controls are efficient and effective
  • Be responsible for the execution of quarterly ITGC self-assessment process

PCI Compliance Program:
  • Ensure PCI Controls are implemented across the organization
  • Supervising for changes to PCI DSS standards to ensure continued compliance
  • Supervise the annual QSA assessment

Data Privacy Program:
  • Partner with Legal to support GDPR, PIPL, and other global privacy related compliance initiatives

Audit Support:
  • Support internal and external audits
  • Maintain Issue tracking registry
  • Develop and be responsible for corrective action plans to address non-compliance and audit findings

  • Establish key IS metrics using KPIs
  • Maintain regular written and in-person communications with IT management to ensure awareness of non-compliance risks

Training and Awareness:
  • Own the Information Security Training and Awareness Program

Be responsible for periodic phishing awareness exercises

Team Management:
  • Lead Information Security staff, including recruitment, supervision, training, workload management, and professional development

  • Bachelor's degree and 5+ years of related work experience or equivalent combination of education and experience
  • Deep technical knowledge of IT General Control design and test execution
  • Strong technical knowledge of applicable regulatory requirements including Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI-DSS), and general knowledge of applicable data privacy practices and laws (e.g., GDPR, PIPL)
  • Shown in-depth technical knowledge of Information Security principles and process and writing IT policy
  • Confirmed experience in a Governance, Risk & Compliance (GRC) framework
  • Background applying and assessing security controls
  • Strong leadership skills, ability to harness the dedication & contribution of team members outside of direct span of control
  • Proven understanding of project management principles
  • Demonstrated experience crafting a balanced compliance office
  • Excellent written and oral communication skills
  • Good interpersonal skills and customer service skills
  • Ability to conduct and direct research into risk/compliance issues and products as the need arises
  • Ability to clearly articulate ideas in business-friendly and user-friendly language
  • Fiscally responsible decision making with the ability to perform general mathematical calculations for the purpose of crafting business cases and budgets
  • Highly self-motivated and directed
  • Attention to detail
  • Shown analytical, evaluative, and problem-solving abilities
  • Ability to optimally prioritize and complete tasks in a fast-paced environment
  • Extensive experience working in a team-oriented, collaborative environment

  • Master of Business Administration in technology
  • CISSP, CISA, PCI ISA, CRISC or similar leading industry certifications preferred


Learn more about this company

Visit this company’s hub to learn about their values, culture, and latest jobs.

Visit employer hub

Learn more about this company

Visit this company’s hub to learn about their values, culture, and latest jobs.

Visit employer hub

Get job alerts

Create a job alert and receive personalised job recommendations straight to your inbox.

Create alert