As the Security Lead – Risk & Compliance, you will play a crucial role in enhancing our organization’s security posture. Join our talented and dynamic Information Security team to lead key programs and initiatives, identifying, managing, and reporting on security and data protection risks affecting the availability, confidentiality, and integrity of Patterson’s information systems, data, and technology assets. This role involves designing, assessing, and supporting security and data protection controls and the associate security programs ensuring compliance with audit and regulatory requirements. Additionally, advocating for security solutions across Security, IT, and Business teams, with the opportunity to mentor and lead associate staff. At Patterson Companies, we pride ourselves on our strong corporate values, longstanding history, and commitment to growth, all while fostering a respectful and supportive environment for our employees. Essential Functions To perform this job successfully, an employee must be able to perform each essential function satisfactorily, with or without reasonable accommodation. To request a reasonable accommodation, notify Human Resources or the manager who oversees the position. Lead the PCI-DSS compliance program, designing, implementing, and evaluating processes to validate and report on readiness. Oversee the Third-Party Risk Management program to identify, report, and remediate security and data protection risks impacting technology assets and data throughout the supply chain. Partner with various teams to lead assessments, report on remediation, and ensure organizational compliance with audit, regulatory, and compliance obligations. Collaborate with cross-functional teams to ensure cohesive security strategies and implementations. Identify, evaluate, and report on security and data protection risks, developing and implementing strategies to mitigate identified risks. Ability to assist and support implementation and oversight of risk & compliance reporting and dashboards such as through Microsoft Security Compliance. Lead targeted initiatives, actively collaborating with IT, business stakeholders, and external vendors to prioritize security risks, recommend mitigations or remediations, and implement security controls. A dditional functions In addition to the essential functions listed above, the incumbent may perform the following additional functions. Execute and maintain risk methodologies, owning IT risk processes aligned to frameworks such as NIST-CSF and ISO27001, supporting regulatory and compliance requirements like PCI DSS, SOC2, and SOX. Establish process workflows and lead the design, deployment, integration, and initial configuration of security solutions to enhance GRC processes. Manage metrics and reporting for program components within the scope of the role. Lead and mentor team members, providing direction to accomplish team objectives effectively. Required Qualifications At least 4 years work experience in information technology, cyber security, audit, compliance, risk, or information security. Excellent collaboration and communication skills with ability to communicate risk to a diverse stakeholder group. Proficiency in regulatory requirements and compliance standards (e.g. PCI-DSS, HIPAA, GDPR). In-dept knowledge of security risk management and compliance frameworks (e.g. NIST-CSF, COSO, ISO27001/2, CSA, etc.). Highly organized with attention-to-detail. Experience in mentoring and/or coaching individuals, projects, or teams. Preferred Qualifications Familiarity with audit process and frameworks such as SOC2 Type 2 and HITRUST. Bachelor’s Degree with an emphasis in security, technology, or engineering. Ability to influence and inspire others to adopt security best practices and policies. Security industry certification desired. The potential compensation range for this role is below. The final offer amount would be based on various factors such as candidate location (geographical labor market), experience, and skills. $120,000.00 – $130,000.00 The potential compensation range for this role is below. The final offer amount would be based on various factors such as candidate location (geographical labor market), experience, and skills. $93,100.00 – $117,400.00 #J-18808-Ljbffr
Coaching data-protection Attention to details HIPAA Information security PCI DSS Communication Bachelor’s Degree Mentoring Security Information technology (IT) Auditing SOC2 GDPR business sox