Manager of Risk, Compliance, and Governance

porate Audit, Business Information Security Officers, and the broader IT Risk Management team. You will be responsible for conducting annual assessments, overseeing disaster recovery governance, and collaborating with corporate audit teams to ensure compliance with policies and standards. Your ability to build strong relationships with internal and external partners, deliver business value, and enable the achievement of compliance objectives will be key to your success.

What you will be doing:
• Partnering with control owners to build, update, and implement controls across applicable domains (AI, PII, SOX, PCI, HIPAA, etc.).
• Assessing compliance framework & strategy to support technology alignment with company's business strategy.
• Establishing and maintaining disaster recovery (DR) governance, ensuring on-going completeness and accuracy of disaster recover documentation (e.g., DR plans and procedures)
• Validating business impact assessments of all applications in the Altria environment for disaster recovery
• Serving as a liaison for steady-state SOX control assessments.
• Working closely with Security Controls and Compliance team to ensure controls are implemented or modified effectively throughout the SDLC for in-scope SOX systems/tools; support annual testing of controls.
• Conducting technical controls, compliance and resiliency assessments to determine effectiveness in protecting systems and data.
• Establishing and maintaining compliance standards, patterns and guidelines that optimize Altria's business operations.
• Building and overseeing the usage of compliance and controls metrics and dashboards, driving a value approach to utilization across portfolio delivery, and briefing senior leaders.
• Partnering with Corporate Audit and audit liaison functions to support remediation of internal and external auditors' management action plans and minimize findings.

We want you to have:
• Bachelor's degree or equivalent experience in an IT-related subject area
• 8+ years of experience in the information technology field specializing in security control selection and validation, assessments and a system accreditation, auditing or technology architecture.
• Demonstrable proficiency with current IT technologies.
• Knowledge and hands-on experience with NIST 800-series guidelines (e.g. Risk Management Framework (RMF) 800-37, continuous monitoring 800-137), Security Assessment & Authorization (SA&A) requirements and processes, Continuous Monitoring Framework experience and its tools, Plan of Action & Milestones (POA&M) policies, risk management, and project management
• Knowledge and experience with of industry specific compliance standards (e.g. Sarbanes-Oxley (SOX), SEC, HIPAA, PCI DSS, etc.) as they pertain to information systems and testing of associated controls.
• Experience in project management and tracking.
• Proficient in Microsoft suite of office products, include power automation tools.
• High proficiency with reviewing security materials such as; system security plans (SSP), Security Assessment Report (SAR), Security Assessment Plan (SAP), and other documents per NIST 800 guidelines.

The starting salary is based on but not limited to experience, knowledge, and qualifications in determining compensation decisions. The Salary Range for this position is: $116,200.00 - $168,400.00.

We deliver a market-competitive, equitable pay with a Total Reward program that includes:

• Annual performance incentive based on individual and company performance

• Competitive Medical, Dental, and Vision insurance to support you and your loved ones

• Flexible Work Environment to include vacation and generous holidays

• Deferred Profit-Sharing Plan (401K) with matching contributions on day 1, including a yearly company contribution

• Paid Paternity and Maternity Leave

• Employee Recognition Awards

• Student Loan Assistance

• To learn more about How to Support you and your Loved Ones, Work-Life Balance, and Invest into your Future, visit our additional benefits at Benefits (altria.com)

This position is not eligible for sponsorship.

.buttontext4d1d7046c1afdc2e a{ border: 1px solid transparent; } .buttontext4d1d7046c1afdc2e a:focus{ border: 1px dashed #5B94FF !important; outline: none !important; }

Altria is a Fortune 200 company that has a leading portfolio of tobacco products for U.S. tobacco consumers 21+. Our Vision is to responsibly lead the transition of adult smokers to a smoke-free future. We are Moving Beyond Smoking™, leading the way in moving adult smokers away from cigarettes by taking action to transition millions to potentially less harmful choices.

At Altria, we celebrate the power of diverse teams working together to shape our future. Each Altria company is an equal opportunity employer. We are committed to providing individuals with criminal records, including formerly incarcerated individuals and individuals with conviction records, a fair chance at employment. Join us as we work together to shape a better future for adult tobacco consumers, our employees, and our shareholders.

Altria is the parent company of Philip Morris USA, John Middleton, U.S. Smokeless Tobacco, Helix Innovations and NJOY. Altria complements its tobacco portfolio with equity investments in Anheuser-Busch InBev and Cronos Group.

Learn more about Altria at https://www.altria.com and follow us on LinkedIn .