IT Manager I

GENERAL PURPOSE:

The IT Risk Manager directs, coordinates, plans, and organizes information security activities throughout Ross. Works closely with the IT Compliance Manager and Secure Project Delivery Manager to help develop, mature, and execute the IT Risk processes which include; governance, risk assessment, risk analysis, risk metrics, risk reporting, technology enablement, maintenance of the risk taxonomy, and organizational integration. The Manager works with a wide variety of people from different organizational units, bringing them together to manifest controls that reflect workable compromises as well as proactive responses to current and future information security risks.

ESSENTIAL FUNCTIONS:

  • Manages the risk management team performing IT and business risk assessments, vendor risk management and contracts management.
  • Performs management and personnel administration functions associated with Ross’ IT Risk Management Department.
  • Responsible for performing risk assessments to identify current and future security vulnerabilities, determine what level of risk is acceptable to the organization, and determine the best ways to reduce information security risks to this acceptable level of the company’s assets, relationships, processes, and functions associated with IT and business risk.
  • Responsible for managing Third Party risk management and related contracts agreements to ensure necessary security controls have been included as part of services and capabilities for the protection of organization assets.
  • Establishes and maintains related IT Risk Management metrics and reporting. Collaborates with IT Compliance Manager, Secure SDLC Manager, Information Security, and IT groups to define, gather and analyze metrics. Provides targeted reporting to all levels of IT and Business management.
  • Executes and maintains risk assessments related tools with the goal of improving efficiency, reducing costs, improving agility and optimizing information technology governance, risk, and controls management processes, while providing an overall view of the organization’s risk profile. Coordinates and communicates IT risk-related activities among IT key stake holders.
  • Monitors current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy, so that Ross Stores is warned in advance and is ready to be fully compliant with these requirements.

COMPETENCIES:

  • Dealing with Ambiguity
  • Organizing
  • Conflict Management
  • Problem Solving
  • Customer Focus
  • Motivating Others
  • Developing Effective Teams
  • Communication

QUALIFICATIONS AND SPECIAL SKILLS REQUIRED:

  • Minimum 5 -10 years of professional experience in running an information security function, including analyzing and applying information security risk, risk management, and privacy practices
  • Bachelor degree preferred or equivalent combination of education and relevant experience
  • Experience with all aspects of regulatory and contractual compliance, especially Payment Card Industry (PCI), Sarbanes Oxley, and Health Information Portability and Accountability Act (HIPAA) requirements for as they relate to IT
  • Experience with IT process, risk and control frameworks, such as COBIT, ISO 27001, ITIL, Risk IT
  • CISSP (Certified Information System Security Professional), CISA (Certified Information Systems Auditor) OR CRISC (Certified in Risk and Information System Control) OR CGEIT (Certified in Governance of Enterprise IT) preferred
  • Experience communicating and presenting both verbally and in writing to various audiences, including committees, large groups, senior management, and executive leadership

SUPERVISORY RESPONSIBILITIES:

Security Risk Analysts

DISCLAIMER

This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at management’s discretion.

Ross is an equal employment opportunity employer. We consider individuals for employment or promotion according to their skills, abilities and experience. We believe that it is an essential part of the Company’s overall commitment to attract, hire and develop a strong, talented and diverse workforce. Ross is committed to complying with all applicable laws prohibiting discrimination based on race, color, religious creed, age, national origin, ancestry, physical, mental or developmental disability, sex (which includes pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), veteran status, military status, marital or registered domestic partnership status, medical condition (including cancer or genetic characteristics), genetic information, gender, gender identity, gender expression, sexual orientation, as well as any other category protected by federal, state or local laws

'186764