IT Governance, Risk and Compliance Manager
Why Valvoline Global Products?
We’ve been inspiring and enabling what moves the world forward for more than 150 years, starting with the invention of the world’s first branded motor oil. Today, we’re a leading worldwide marketer and supplier of premium branded lubricants, automotive and industrial chemistries, and a business solutions provider to our customers and partners, driven every day by a people-centered focus on innovation and customer excellence.
We’re proud to be The Original—the first to see potential in things others overlook. Originals are the first to develop sustainable solutions. Originals move the world forward. At Valvoline Global Products, that’s what we do every day in over 140 countries worldwide. We create future-ready products that improve the performance of automotive and industrial equipment and services that help our businesses grow and thrive. As The Original, we’ve been innovating to solve problems for over 150 years. And we’ll continue to invent and reinvent the way forward, to always meet our customers’ needs – today and in the future.
Living out our values is what makes our company, our employees, our partners, our customers, and the communities we serve, great. It is our responsibility. It is what drives us. It is who we are.
We’re looking for people who care, operate with integrity, strive for excellence in everything they do, are eager to develop new skills to win, and show passion for delivering on our commitment to all our stakeholders. We are looking for Hungry, Humble, and Smart individuals. If this is you, you’ve come to the right place, and we invite you to join The Original!
Careers for the Driven
Valvoline has a rewarding opportunity as an IT Governance, Risk & Compliance (GRC) Manager. We whole-heartedly adopt a ‘never idle’ mindset. We also know that outstanding service begins and ends with our employees. So, we’re looking for good people to join our team. You bring your skills, talents and drive. We will give you a great place to work, a competitive salary and benefits, and the resources and support to develop and advance within our global company.
*Valvoline World Headquarters is located in Lexington, KY, but we invite remote candidates to apply as well. Ideally, we would like candidates located in nearby markets (Cincinnati, Louisville, and Nashville), but we are open to other locations.
How You’ll Make an Impact
The IT Governance, Risk & Compliance (GRC) Manager is responsible for facilitating the development, implementation, documentation, and review of IT policies, procedures, processes, programs, and practices to guide the organization toward continuous compliance with organizational and industry laws, regulations, and frameworks. The manager works with Information Technology, Information Security, Internal and External Audit resources and the business to support process documentation and review, reporting and analytics, and developing and maintaining the appropriate records related to policy, procedures, control self-assessments, risk, etc. The manager coordinates with corporate accounting to identify, develop, and maintain a suite of appropriate IT Controls that support the organization's overall Internal Control over Financial Reporting (ICFR). The manager will assist in IT Risk Assessment projects, including the identification and documentation of an IT Risk Register, Risk Assessments, Mitigating Controls, Residual Risk, and other related data.
In the role, you would be responsible for:
- Managing the company's GRC program: ensuring all IT policies and procedures are documented and updated according to regulatory standards, maintaining the ICFR program and other policy/regulatory compliance, collaborating with information security, maintaining version control documentation and risk management, and keeping the repository/system of record up to date as defined by the IT Governance program.
- Leading risk assessments to identify security risks across business functions, products and systems; overseeing the risk register and ongoing risk treatment lifecycle, including exceptions; providing SOX subject matter expertise for testing of all IT Sarbanes-Oxley controls and acting as liaison between audit and business personnel. Collaborating on identified program deficiencies from internal and external resources, determining appropriate mitigation strategies, coordinating the performance and review of ITGCs, and evaluating residual risks.
- Ensuring the organization maintains current compliance with all applicable Payment Card Industry Data Security Standard (PCI DSS) requirements across all payment channels. Generates annual Report on Compliance (ROC) and Attestation of Compliance (AOC) for each applicable channel.
- Leading organizational security and privacy awareness efforts and implementing a measured and managed awareness program; collaborating with IT Security on penetration testing, vulnerability scanning and device/system health checks within the infrastructure; identifying tasks necessary to remediate identified risks and vulnerabilities, negotiating dates for completion of remediation tasks, tracking progress on remediation of identified risks and vulnerabilities, and providing reporting to appropriate members.
- Measuring security program maturity and building plans for increasing maturity through projects, capabilities and controls.
- Evaluating all potential new vendors and systems for integration into enterprise environment, including vendor security posture, compatibility with existing enterprise solutions, Privacy Impact Assessment (GDPR PIA/DPIA), and compliance with internal controls and external regulations and requirements (SOX, GDPR, PCI-DSS).
- Managing the IT-specific application of the organization's data privacy program, ensuring compliance with applicable laws and regulations, and providing situational awareness and guidance to the relevant organizational groups.
- Functioning as the GRC repository system Subject Matter Expert (SME) and training/supporting clients with repository system usage, including one-on-one training and drafting training guidelines when necessary.
- Other duties and responsibilities as determined by Valvoline from time to time in its sole discretion.
What You’ll Need
- Bachelor's degree in business, accounting/finance, computer science, information systems, engineering, or a related field
- Minimum of five years of experience in IT and/or audit or minimum three years dedicated IT GRC related experience writing/reviewing IT policies and procedures
- PCI-DSS Internal Security Assessor certification
- Demonstrate a strong understanding of various compliance and regulatory areas (e.g. Sarbanes-Oxley, PCI, COBIT, HIPAA)
- Demonstrate an in-depth understanding of the risk register, risk exposure, risk reporting and handling of risk events
- Ability to recommend and influence business process changes with regard to Information Security policies, standards, and processes (including the use of tools)
- Excellent written and verbal communication skills
- Strong analytical and problem-solving skills
- Ability to work both independently and as part of a team to deliver quality work product in a timely fashion in a fast-paced environment
- Ability to multi-task and prioritize tasks
- Ability to exercise good professional judgment
- Ability to work well with people from many different disciplines with varying degrees of technical experience
- Ability to adapt to a dynamic, rapidly changing business and technical environment
- Ability to maintain confidentiality
- Must be authorized to work in the U.S.
What Will Set You Apart
- Participation in life cycle project implementations (from scoping/planning, requirements gathering, design, development, testing, launch and support)
- Risk, Audit and Security certification - CGEIT, CISSP, CIA, CISA, PCIP, etc.
Benefits That Drive Themselves
- Health insurance plans (medical, dental, vision)
- HSA and flexible spending accounts
- Incentive opportunity*
- Life insurance
- Short and long-term disability insurance
- Paid vacation and holidays*
- Employee Assistance Program
- Employee discounts
- Tuition reimbursement*
- Adoption assistance*
*Terms and conditions apply and benefits may differ depending on position.
Females and minorities encouraged to apply.
Valvoline provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. Are you good at what you do? Join us.
The Company endeavors to make its recruitment process accessible to any and all users. Reasonable accommodations will be provided, upon request, to applicants with disabilities in order to facilitate equal opportunity throughout the recruitment and selection process. Please contact Human Resources at 1-800-Valvoline or email 1-800Valvoline@valvoline.com to make a request for reasonable accommodation during any aspect of the recruitment and selection process. The contact information is for accommodation requests only; do not use this contact information to inquire about the status of applications.