Manager of Technology and Security Compliance

nd Compliance team focuses on preparing systems for audits through pre-audit testing, control validation, and supporting control owners in document creation to ensure the delivery of high-quality security compliance and audit results, delivering outstanding IT compliance strategies to accomplish goals. This position will support the creation or revision of policies and standards to ensure traceability with security and compliance standards. Collaborating, briefing and aligning regularly with internal and external partners in a fast-paced environment that delivers business value and enables the achievement of compliance objectives is key.

What you will be doing:

• Partnering with control owners to build, update, and implement controls across applicable domains (AI, PII, SOX, PCI, HIPAA, etc.).

• Developing and revising compliance architecture & strategy to support technology alignment with company's business strategy

• Managing pre-implementation SOX control assessments and compliance engagements

• Working closely with system owners, developers, and IT teams to ensure controls are implemented effectively throughout the SDLC; support annual testing of controls

• Conducting security assessments and building Security Assessment Reports (SAR) of security controls to determine their effectiveness in protecting systems and data

• Establishing and maintaining compliance standards, patterns and guidelines that optimize Altria's business operations

• Building and overseeing the usage of compliance and controls metrics and dashboards, driving a value approach to utilization across portfolio delivery, and briefing senior leaders

• Partnering with Corporate Audit and audit liaison functions to support delivery of artifacts to internal and external auditors and minimize findings

• Drafting and updating policies and standards that align with industry and regulatory requirements or standard methodologies.

We want you to have:

• Bachelor's degree or equivalent experience in an IT-related subject area

• 8+ years of experience in the information technology field specializing in security control selection and validation, assessments and a system accreditation, auditing or technology architecture.

• Demonstrable proficiency with current IT technologies.

• Knowledge and hands-on experience with NIST 800-series guidelines (e.g. Risk Management Framework (RMF) 800-37, continuous monitoring 800-137), Security Assessment & Authorization (SA&A) requirements and processes, Continuous Monitoring Framework experience and its tools, Plan of Action & Milestones (POA&M) policies, and vulnerability/patch management, risk management, project management

• Knowledge and experience with of industry specific compliance standards (e.g. Sarbanes-Oxley (SOX), SEC, HIPAA, PCI DSS, etc.) as they pertain to information systems and testing of associated controls.

• Familiarity with vulnerability and scanning tools and proficient in interpreting risk posture resulting from assessment reports. Experience in project management and tracking, and the Microsoft suite of office products.

• High proficiency with documenting and or reviewing security materials such as; system security plans (SSP), Security Assessment Report (SAR), Security Assessment Plan (SAP), and other documents per NIST 800 guidelines.

The starting salary is based on but not limited to experience, knowledge, and qualifications in determining compensation decisions. The Salary Range for this position is: $116,200.00 - $168,400.00.

We deliver a market-competitive, equitable pay with a Total Reward program that includes:

• Annual performance incentive based on individual and company performance

• Competitive Medical, Dental, and Vision insurance to support you and your loved ones

• Flexible Work Environment to include vacation and generous holidays

• Deferred Profit-Sharing Plan (401K) with matching contributions on day 1, including a yearly company contribution

• Paid Paternity and Maternity Leave

• Employee Recognition Awards

• Student Loan Assistance

• To learn more about How to Support you and your Loved Ones, Work-Life Balance, and Invest into your Future, visit our additional benefits at Benefits (altria.com)

This position is not eligible for sponsorship.

.buttontext4d1d7046c1afdc2e a{ border: 1px solid transparent; } .buttontext4d1d7046c1afdc2e a:focus{ border: 1px dashed #5B94FF !important; outline: none !important; }

Altria is a Fortune 200 company that has a leading portfolio of tobacco products for U.S. tobacco consumers 21+. Our Vision is to responsibly lead the transition of adult smokers to a smoke-free future. We are Moving Beyond Smoking™, leading the way in moving adult smokers away from cigarettes by taking action to transition millions to potentially less harmful choices.

At Altria, we celebrate the power of diverse teams working together to shape our future. Each Altria company is an equal opportunity employer. We are committed to providing individuals with criminal records, including formerly incarcerated individuals and individuals with conviction records, a fair chance at employment. Join us as we work together to shape a better future for adult tobacco consumers, our employees, and our shareholders.

Altria is the parent company of Philip Morris USA, John Middleton, U.S. Smokeless Tobacco, Helix Innovations and NJOY. Altria complements its tobacco portfolio with equity investments in Anheuser-Busch InBev and Cronos Group.

Learn more about Altria at https://www.altria.com and follow us on LinkedIn .