PURPOSE OF ROLE:
The Manager, IT Policy and Compliance will work closely with leadership at multiple levels, specifically with the Vice President and Director levels, to validate the scope, assess risk, and ensure results are delivered globally in governing policy compliance management, compliance remediation, as well as testing and compliance scanning. This position is the key source for overall IT compliance issues tracking, remediation plan acceptance and resolution.
This position will be required to work cross-functionally across the organization's business units, primarily collaborating with management at all levels to confirm the development of action plans and drive through to remediation of issues to address risks identified, escalating to Senior and Executive management as needed when the risk profile is unacceptable. Key partners are Internal Audit, Information Security Group, and IT leadership.
Leads the development, implementation and maintenance of compliance scanning, general computing controls facilitation, audit testing support and remediation, policy management and communication/reporting by guiding and influencing leadership in the development of an acceptable risk profile; defining goals, objectives, deliverables, and guardrails within the governance framework to ensure the development and implementation of efficient, effective, measurable, and sustainable processes; overseeing the development and maintenance of process documentation and measurements (e.g., policy, process flows, procedures, KPIs); working collaboratively across IT and business functions to develop remediation road maps and drive cohesive integration of compliance needs and risk acceptance for IT.
Leads and manages Compliance process improvement efforts by identifying, recommending, and implementing process and tool enhancements which reduce costs, risks, and inefficiencies; defining specific process improvement goals and measures of success; overseeing the development of business cases in support of process improvement projects; establishing process for reporting key metrics and performance measurements; delivering briefings to senior management on the status and progress of process improvement initiatives.
Oversees the performance and execution of compliance remediation plans by identifying and managing resources needed for the ongoing delivery of an acceptable risk profile; working collaboratively across IT and business functions to ensure processes and plans are executed as designed and deficiencies are escalated; setting guardrails for how work needs to be accomplished; managing the development and delivery of user training and reference materials as needed to support IT Compliance goals.
Advocates and drives compliance with PCI, SOX, GCC and IT policies and procedures across the enterprise by managing change efforts to implement and embed new or enhanced processes according to organizational change procedures; ensuring process changes are communicated to all IT employees and business partners; working closely with IT and business partners to create consistency and standardization across processes throughout the organization; overseeing the development, monitoring, and reporting of compliance measures; ensuring adherence of users and practitioners with regulatory and internal compliance controls to minimize company risk, protect IT services and the Lowe's brand.
- Makes decisions on remediation plans, as to whether they meet standards, address identified issues and satisfactorily address risk. Can stop technology build from going into production if it does not meet gold standards. Drive remediation of identified issues from various compliance sources, such as ISG, IA and IT.
- Leads a global team to design/implement/manage/oversee/direct internal testing of IT internal controls and security configuration scanning. Must maintain a strong technical acumen across IT solutions, Infrastructure and Security to ensure a balanced approach is used in remediation.
- Work closely with senior leadership across various organizations to define the scope, assess the risk, and deliver the results of testing, compliance scanning and remediation. Regularly presenting SOX/PCI updates and requirements to the CIO staff.
- Conduct annual planning and facilitation of IT policy reviews and revisions.
- Establish and maintain the policy waiver process which will formally report areas of noncompliance with agreed upon policies to IT management. Drive remediation to remove approved waivers as needed to maintain an acceptable risk profile for IT.
- Must have deep understanding of the following specific compliance drivers: SOX - Internal and External Audit (Business Process, General Computing, Entity Level), PCI - Credit Card Providers, TR-39 - US Debit Card Providers, Interac - Canadian Debit Card Providers, Policy and Standards Compliance - ISG and IT, and Process Audit Recommendations.
- Must have and maintain required level of understanding of any new compliance mandates as may be instituted by the regulatory bodies, internal audit or IT senior management.
- Pursue professional growth and provide developmental opportunities for others by soliciting and acting on performance feedback; build collaborative, cross-functional relationships; hire, train, and develop talent for growth opportunities; delegate tasks and decisions; foster open dialogue among team members; work closely with employees to set goals and provide open feedback and coaching to drive performance improvement.
Required Minimum Qualifications:
- Bachelor's Degree in Computer Science, Information Systems, Security, or related field with 7+ years of IT Experience or equivalent work experience in lieu of degree
- 5+ years of experience leading the implementation or support of large scale processes
- 3+ years of experience in a leadership role, with or without direct reports
- 2+ years of experience managing in large organizations and cross functional roles
- Master's Degree in Business Administration, Computer Science, CIS, Engineering or related field with 4+ years of experience in an IT role requiring interaction with senior leadership
- Experience developing and delivering IT process metrics and reporting
- Experience working with third party IT vendors and/or software/hardware suppliers
- 3+ years of experience in the configuration of ITSM tool(s) (e.g., Remedy, Service-Now)
- Experience working within an IT Infrastructure Library (ITIL) framework
- 2+ years of supervisory experience with direct reports
Lowe's Companies, Inc. (NYSE: LOW) is a FORTUNE 50 home improvement company serving more than 18 million customers a week in the United States, Canada and Mexico. With fiscal year 2018 sales of $71.3 billion, Lowe's and its related businesses operate or service more than 2,200 home improvement and hardware stores and employ approximately 300,000 associates. Founded in 1946 and based in Mooresville, N.C., Lowe's supports its hometown Charlotte region and all communities it serves through programs focused on safe, affordable housing and careers in the skilled trades. For more information, visit Lowes.com.