Manager, IT Risk & Compliance 2-March 2024
Maple Grove
Mar 29, 2026
About Manager, IT Risk & Compliance 2

  Req ID: 119443

  Region: Americas

  Country: USA

  State/Province: Minnesota

  City: Maple Grove

  General Overview

  Functional Area: Information Technology (ITM)

  Career Stream: IT Risk & Compliance (RAC)

  Role: Manager (MG2)

  Job Title: Manager, IT Risk & Compliance 2

  Job Code: MG2-ITM-RISK

  Job Level: Level 10

  Direct/Indirect Indicator: Indirect

  Summary

  The Manager, IT Risk and Compliance participates in IT Security initiatives and projects. They work closely with stakeholders to understand the business's security requirements and risks (security initiatives and compliance) and work with the IT team to implement them. The incumbent is responsible for ensuring that IT projects/initiatives are part of the Security strategy and within the IT roadmap.

  Detailed Description

  Performs tasks such as, but not limited to, the following:

  Leads the engagements with stakeholders and IT Security initiatives and projects (including security governance and compliance) ensuring interactive collaboration with the stakeholders IT Security team

  Ensures IT projects/initiatives follow IT PMO process and leads the execution when required, working with project stakeholders to determine acceptable levels of risk for the organization. Maintains contact and communication with all project team members to ensure conformance with requirements and client user expectations. Liaises with enterprise architecture team to ensure project alignment with security architecture

  Overall NIST 800-171 ongoing governance and compliance

  Maintains NIST 800-171 compliance and updates all IT security and risk policies, procedures, and controls.

  Develops and enhances the information security management framework based on the NIST 800-171 standard (National Institute of Standards and Technology) and DFARS requirements.

  Responds to customer and government inquiries as to NIST 800-171 and DFARS compliance, specifically by completing security questionnaires in conjunction with site IT as appropriate.

  Responds to various IT audits, whether external or internal, when required around IT Security projects and compliance initiatives

  Provides consultancy and guidance in all aspects of governance which involves evaluating general and specific training needs; delivering training to support the control environment and associated control framework; communicating objectives and fostering a compliance and risk aware culture

  Maintains system documentation such as System Security Plan (SSP) and Plan of Action & Milestones (POAM)

  Oversees the deployment and maintenance of IT Security solutions and compliance

  Establishes and maintains effective relationships with process owners to proactively assess security risks

  Performs on-demand and annual validation of in-scope Controlled Unclassified Information (CUI) data and related controls; performs risk assessment and addresses mitigation steps as needed.

  CUI data assessments and validation through systems, processes, people.

  Knowledge/Skills/Competencies

  Knowledge of Celestica’s technology, business and IT strategies

  The ability to communicate security and risk-related concepts to technical and nontechnical audiences.

  Organized and able to meet deadlines

  IT Security Best Practices

  IT Governance and Audit Procedures

  Knowledge of common information security frameworks and IT controls frameworks, such as ISO/IEC 27001, ITIL, COBIT/COSO and ones from NIST

  Knowledge and understanding of relevant legal and regulatory requirements, such as CMMC, NIST 800-171, DFARS compliance, IT security controls and governance

  Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard. Knowledge of global requirements.

  Proficient in IT Security

  Advanced knowledge of risk mitigation and business controls

  Advanced knowledge of data management and analytics

  Advanced knowledge of delivering initiatives within the Operating Model

  Advanced knowledge of project management

  Proficient in architecture and solution integration

  Advanced knowledge in business partnering

  IT Penetration Testing

  Knowledge of Access Management, DLP solution, SIEM technology and Auditing and Log monitoring (tools, processes, techniques)

  Mastery in IT Risk Management

  Mastery in IT SoX Compliance

  IT Security Architecture

  Knowledge of IT Compliance Standards and best practices

  Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences

  Excellent problem resolution and creative problem solving skills

  Strong knowledge of change management process

  Excellent project management skills

  Ability to apply judgment in selecting and interpreting information, working within authorized limits prescribed by team leader/manager

  Strong customer management skills; ability to clearly articulate the role that IT can play in enhancing customer activities

  Physical Demands

  Duties of this position are performed in a normal office environment.

  Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.

  Typical Experience

  7 to 10 years of experience.

  Typical Education

  Bachelor’s Degree. IT Risk Management, NIST 800-171 Standard training, CMMC training.

  Notes

  This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.

  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

  Celestica’s policy on equal employment opportunity prohibits discrimination based on race, color, creed, religion, national origin, gender, sexual orientation, gender identity, age, marital status, veteran or disability status, or other characteristics protected by law.

  This policy applies to hiring, promotion, discharge, pay, fringe benefits, job training, classification, referral and other aspects of employment and also states that retaliation against a person who files a charge of discrimination, participates in a discrimination proceeding, or otherwise opposes an unlawful employment practice will not be tolerated. All information will be kept confidential according to EEO guidelines.

  COMPANY OVERVIEW:

  Celestica (NYSE, TSX: CLS) enables the world’s best brands. Through our recognized customer-centric approach, we partner with leading companies in Aerospace and Defense, Communications, Enterprise, HealthTech, Industrial, Capital Equipment and Energy to deliver solutions for their most complex challenges. As a leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development – from drawing board to full-scale production and after-market services for products from advanced medical devices, to highly engineered aviation systems, to next-generation hardware platform solutions for the Cloud. Headquartered in Toronto, with talented teams spanning 40+ locations in 13 countries across the Americas, Europe and Asia, we imagine, develop and deliver a better future with our customers.

  Celestica would like to thank all applicants; however, only qualified applicants will be contacted.

  Celestica does not accept unsolicited resumes from recruitment agencies or fee-based recruitment services.
