IT Risk and Compliance Lead
Cree is searching for an IT Risk and Compliance Lead who will be responsible for the implementation and oversight of the IT GRC and Audit Programs under the guidance of the IT Service Excellence Leader. In addition to the implementation of a Risk Management Framework, they will be responsible for managing the IT General Controls in support of SOX compliance and Program Management of the NIST Plan of Actions and Milestones (POAM) program. This position is located at our headquarters facility in Raleigh/Durham, NC.
What can Cree do for you?
- Potential upward mobility in a thriving organization
- A chance to play a pivotal role in new process implementation and the transformation of Cree IT to enable company growth and profitability
- Opportunity to drive compliance maturity throughout Cree IT
- Expand your skill-set working with a wide variety of compliance recruitments
What can you do for Cree?
- Implement an IT risk management framework
- Establish IT compliance monitoring procedures including executive reporting of all open risks and audit findings
- Provide oversight and guidance to IT Operations Leaders responsible for implementing compliance controls
- Manage all IT General Controls to ensure SOX compliance, including quarterly control testing
- Coordinate all Internal and External IT Audits (Cree Internal Audit, External Financial Audit, Customer Audits, etc.)
- Work closely with the Information Security team to ensure the appropriate implementation of policy and procedure best practices and NIST SP800-53 controls.
- Develop policy review, security policy exception, and control risk mitigation processes
- Advise IT senior leadership on identified compliance risks and recommend mitigations appropriate for Cree’s environment
- Establish documentation management procedures (controlled document handling, audit work papers and compliance evidence management, etc.)
What you need for success:
- Bachelor's Degree in Information Systems, Business Management or similar field;
- 5 – 10 years of experience in information security governance, IT audit, or risk management;
- Strong communication and leadership skills and the ability to partner effectively with various teams within IT and the business;
- Ability to manage multiple programs/projects simultaneously and ability to effectively implement the programs/projects in a complex environment;
Highly preferred skills and certifications:
- Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or Certified Internal Auditor (CIA)
- Experience implementing the NIST SP800-53 Risk Management Framework and POAM remediation tracking
- Familiarity with NIST, DFAR, COBIT, PCI, Sarbanes–Oxley, the General Data Protection Regulation (GDPR), IATF 16949:2016, IoT Risks
- Strong understanding of manufacturing or semiconductor operations