Security, Risk and Compliance Manager

Job Summary

As the Information GRC Manager, you will be a critical part of the Papa Johns global information security team. We are looking for a thought leader in security, risk, and compliance to join us and expand our overall security program.  You will assist the information security team in identifying, assessing, and mitigating security risks, ensuring compliance with relevant regulations and industry standards, and implementing effective security controls across the organization. This role requires a strong understanding of information security principles, risk management frameworks, and compliance requirements. If you are a proactive self-starter and looking for a role that will allow you to roll up your sleeves and implement meaningful change, this could be the perfect fit!

Role Responsibilities

• Leading risk assessments to identify security risks across business functions, products and systems; develops and oversees risk register and ongoing risk treatment lifecycle, including exceptions; provides SOX subject matter expertise for testing of all IT Sarbanes-Oxley controls and liaison between audit and business personnel
• Conduct and maintain risk register to identify key business processes and associated systems, risks, and dependencies.
• Implement control benchmarking utilizing current CIS tools
• Work with the CISO to develop and manage end-to-end cyber disaster recovery testing and documentation.
• Develop or maintain global information security policies and standards.

• Develop and maintain Information Security Policies, Standards and Procedures for global teams.
• Develop and maintain security awareness training and phishing simulations for team members.
• Develop security requirements, guideline documentation and communication for Franchisees.

• Ensuring the organization maintains current compliance with all applicable Payment Card Industry Data Security Standard (PCI DSS) requirements across all payment channels
• Generates annual Report on Compliance (ROC) and Attestation of Compliance (AOC) for each applicable channel.

• You will be extremely well versed in PCI for cloud-based solutions and can effectively communicate how the internal security teams, development teams and infrastructure technologies and processes meet compliance. 
• Proactively stay informed of the latest legal, compliance and regulatory changes that impact the organization and assess for compliance with the continuously evolving requirements.
• Evaluate, monitor and communicate with new and current IT vendors to ensure they are maintaining minimum thresholds for cyber security.
• Foster relationships with management, across a range of functions including Internal Audit, Legal and Technology.