IT Risk and Compliance Specialist

Company Description

To be the leading producer of glass bottles and jars worldwide you need passion, commitment and innovation baked into the very fabric of a business and its people. For more than 120 years, our glass makers have honed their craft—channeling their creativity into more than 1,800 patents held today. When you join O-I you become part of that story.

O-I has more than a century of experience crafting pure, sustainable, brand-building glass packaging for many of the world’s best-known food and beverage brands. We are proud to provide high quality glass packaging for beer, wine, spirits, food, non-alcoholic beverages, cosmetics and pharmaceuticals. We are dedicated to make what matters to shape a healthier, more sustainable and more exciting world. We transform the industry to make glass more relevant and more accessible to more people.

With nearly 25,000 employees and an unparalleled footprint spanning almost 72 plants in 20 countries, O-I is a truly global maker of glass packaging.

From engineering & manufacturing to brand development, design & innovation, we are dedicated to provide unique solutions to exceed our customers’ expectations and fuel consumers’ desire for glass.

Job Description

The IT Risk and Compliance Specialist is responsible for monitoring the IT controls environment at O-I. This includes evaluating log information, performing user access reviews, participating in the incident response process documenting, testing, and auditing processes for compliance with established policies and procedures in various locations around the world or at 3rd parties. The IT Risk and Compliance Specialist will also work with technical resources and other team leads to produce technical documentation and recovery plans for critical systems. The IT Risk and Compliance Specialist will also be involved in the implementation and cybersecurity assessment of new security solutions, participation in the creation and or maintenance of policies, standards, baselines, guidelines, and procedures as well as participating in vulnerability audits or independent assessments. 

JOB FUNCTIONS

• Monitor user access to IT systems by performing the following: Semiannual access reviews, Termination validation procedures, IT Privilege access reviews
• Validate that access to critical functions within key applications is appropriately segregated (Segregation of Duties – SOD)
• Work with system administrators to ensure that plans exist to recover applications and systems in the case of a disaster
• Assessing applications, vendors, and processes from Cybersecurity and Privacy perspective
• Work with the IT and Legal teams to ensure compliance with regulations (SoX, GDPR, DOL, etc).
• Work with the IT organization to create policies, procedures, and standards
• Support the execution of the IT Risk Management process
• Maintain the global framework of IT Controls
• Establish effective communication processes with the business and regional IT teams to coordinate the global assessment of IT controls
• Integrally engage in projects making sure that they comply with O-I policies and security requirements
• Assist with independent vulnerability assessment and SoX audit processes
• Follow documented procedures and retain necessary audit documentation
• Participate in the incident response activities in accordance with established procedures

Travel: 10%, if required

Qualifications

• Bachelor’s degree or equivalent years of experience in information technology or related discipline
• Understanding of security protocols and standards
• Solid knowledge of information security principles and practices

Additional Qualifications: 

One or many bellow certifications will be an additional advantage: 

• (ISC)2 Certified Information Systems Security Professional (CISSP)
• ISACA Certified Information Security Manager (CISM)
• ISACA Certified Information Systems Auditor (CISA)
• ISACA Certified in Risk & Information System Controls (CRISC)
• ITIL Foundations certified and working knowledge of ITIL processes
• Microsoft Azure/M365

Experience: 

• 3 years of experience working in Information Technology/IT Risk and Compliance/IT GRC
• 3 years of experience working with IT general computer control evaluations, remediation, and with external auditors
• Intermediate knowledge of Microsoft Active Directory and Windows services
• Intermediate operational knowledge of SAP GRC
• Intermediate knowledge related to privacy assessment (GDPR)
• Understanding of the industry’s control frameworks and leading practices
• Experience evaluating system security requirements
• Knowledge of system functions, security policies, technical security safeguards, and operational security measures
• Experience in communicating and presenting to a management-level audience
• Knowledge of industry-leading practices, security frameworks, policies, and standards
• Ability to determine priorities, makes discretionary decisions and determines when to notify management
• Ability to work well with people from many different disciplines with varying degrees of technical experience
• Scripting in PowerShell and/or Python

Additional Information

IT Risk and Compliance Specialist reports directly to Cybersecurity: IT Governance, Risk and Compliance Manager. 

WE OFFER

• Remote work from Poland
• Home office subsidy
• Private medical care including dental care
• Life insurance
• Multisport card
• Social fund (e.g. vacation allowance, Christmas allowance)
• Employee referral program
• Flexible working hours

While working from the office you can enjoy working from the building fully adapted to people needs with disabilities.

If you are passionate, innovative, culturally open, curious and collaborative, we’d like to hear from you. Please apply now or for a confidential conversation please email Katarzyna Toporek katarzyna.toporek@o-i.com 

O-I is committed to fostering an inclusive environment that attracts and embraces the brightest minds and creates a culture that welcomes a diversity of ideas and perspectives while encouraging growth and rewarding performance.

Read Full Description