Manager, Information Security Risk and Compliance
Job Location: Saint Paul, Minnesota
Job ID: 2019-8638
Patterson Companies, a Fortune 500 company, is seeking a qualified leader for our Manager, Information Security Risk and Compliance role. This newly created role will be located at our corporate headquarters in Mendota Heights, MN and will report to the Director, Information Security.
The selected candidate will lead the Risk and Compliance Team in identifying, assessing, and executing information security and regulatory focused activities with a primary scope on commercial software products, vendors, and key business areas.
This is a great opportunity for the right individual who is excited about building a robust strategy in how we handle information security risk from the ground up. We need someone who is not only a proven leader but also has a strong risk management mindset.
Patterson Companies Inc. (Nasdaq: PDCO) is a value-added distributor focused on providing best-in-class products, services, technology and experiences to dental and animal health markets in North America and the U.K. Additional offerings include: software and equipment sales and services, practice design and management solutions, patient and staff education, regulatory compliance, and technology support and expertise from the Patterson Technology Center.
The Manager, Information Security Risk and Compliance will provide leadership to help improve, prioritize and ensure consistent information security risk management practices are being followed based on a defined framework and methodology.
To be successful in this role, the selected candidate will need to be comfortable building relationships and driving change through advocacy and influencing. They should also have a strong business understanding while also possessing foundational technical competency.
- Provide expertise and leadership based on industry experience and knowledge to ensure commercial software remains in compliance with applicable standards and regulations, including evolving data security privacy principles.
- Develop and manage an information security risk management program, including: participation in broader risk management activities for the enterprise and the development, evaluation, and adherence to multiple areas of practice such as vendor (third-party), operational, and information security risk management.
- Develop, execute, and manage the process for risk and control assessment of business processes and products to ensure that they align with policies and objectives. Identify, measure, and report metrics of value. Report results along with recommendations to close any gaps.
- Develop, implement, and manage relevant policies, standards, and procedures. Socialize policy and control recommendations to stakeholders across the Company in order to gain acceptance.
- Develop, implement, and maintain a security risk management strategy that guides and informs risk-based decisions (including how risk is framed, assessed, responded to, and monitored over time).
- Provide oversight to ensure security risk management activities are documented and carried out to drive consistent processes.
- Develop, implement, and test IT Disaster Recovery and Business Continuity program to ensure continuity of operations. In addition, help establish and manage a Crisis Management program that provides consistent and efficient responses to a disaster situation.
- Drive Security Awareness and Anti-Phishing efforts through new program implementation and leveraging existing communication approaches.
- Bachelor's degree in Information Technology or related field or equivalent work experience recommended.
- At least 8 years of professional work experience within Information Security, Risk, Compliance, Audit or Information Technology.
- At least 2 years of experience coaching, mentoring, and developing a team of people as a team lead or manager of people.
- Experience with documenting risk methodologies, maintaining risk registers, and initiating risk assessments.
- Ability to identify, generate, and maintain metrics used to demonstrate relative risk and justify program growth requirements.
- Knowledge of the latest information security standards, privacy laws, and regulations to ensure compliance both with internal security policies and external compliance requirements.
- Effective communicator, relationship builder, and advocate for sound risk mitigation practices.
- Excellent written and oral communication skills, inter-personal skills, and effective skills to support risk programs. Must be able to provide formal reports and presentations as required.
- Experience using ServiceNow.
- Expertise with ServiceNow GRC.
- Certified Information Systems Security Professional (CISSP).
- Certified Information Systems Auditor (CISA).
- Certified in Risk & Information Systems Control (CRISC).
- Certified Disaster Recovery Coordinator.
- Certified Business Continuity Planner.
An Equal Opportunity Employer
Patterson Companies, Inc., is an equal opportunity employer. We consider all qualified applicants without regard to race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, among other factors.
We’re excited that you’re interested in joining Patterson Companies. We offer a wide range of opportunities, and the hiring process may vary based on position. To learn how to submit a job application and about the typical evaluation processes used at Patterson, click here.
At Patterson Companies, we measure success by the strength of our relationships with our clients, customers and employees. From working with our partners to bring innovative solutions and provide a best-in-class experience to our customers, to supporting employee volunteerism large and small, we’re committed to building strong connections to support the communities we live and work in. To learn more about our corporate responsibility, click here.
Be a part of a great organization with a special mission: to be the market leading dental and animal health company supplying technology, marketing, support and logistics to maximize customer success. We connect expertise to inspired ideas, products and services and create a relevant, memorable difference in the lives of our clients, customers and employees. To learn more about our Mission and Values click here.