IT Compliance Manager
The Area: The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role: The IT Compliance Manager’s primary focus is to lead and manage the Information Security Compliance team’s effort and activities to ensure information security compliance, privacy and protection across Morningstar. This individual will act as a liaison between Information Security and the Business regarding compliance related issues and activities, execute compliance status reporting and metrics, lead internal and external IT auditing processes, monitor information security and IT processes for compliance and policy issues and collaborate on risk vulnerability assessments. Provides technical expertise in all aspects of enterprise information security compliance for all applicable regulations. Responsible for enterprise information security program, policy, and procedure documentation, enterprise information protection and enterprise security awareness program. This role requires an individual who is well rounded – an exceptional multitasker, an effective communicator, is proactive, analytical and detail-oriented, possessing both strong technical and business skills and, operates well under pressure. This position is based in our Chicago office.
Responsibilities
- Execute audit tests; identify issues and areas for improvement in efficiency and effectiveness of information technology operations
- Lead, manage and support Morningstar’s current and future compliance related responsibilities (SOX, SOC2, PCI-DSS, GDPR, SEC, etc.)
- Monitor and enforce compliance to information security and compliance policies and standards
- Document and manage security / policy / compliance exceptions where necessary
- Manage periodic reviews of security policies, processes and procedures
- Assist in responding to customer RFP’s, RFI’s and conduct relevant contract reviews
- Translate compliance policy decisions into business and automation plans
- Lead information security compliance by establishing and operating an effective information security compliance program, across all regions and business units
- Monitor and enforce compliance to identity and access management controls
- Collect and analyze security metrics related to risk and compliance for presentation to senior management
- Assist with creating, publishing, presenting and maintaining security and compliance educational/training material
- Contribute to quarterly Information Security newsletters
- Liaise with Morningstar’s third-party audit personnel and facilitate audits as required
- Ensure Morningstar processes are efficient and effective, and procedures are up-to-date, relevant, and adhere to compliance standards
- Plan, present and follow-up on the strategic information security compliance programs for Morningstar
Requirements
- A bachelor’s degree and 5+ years’ experience in a risk, compliance or IT auditor role
- Excellent communication skills and a familiarity with common compliance standards (SOX, SOC2, PCI-DSS, GDPR, SEC, etc.)
- Knowledge of common security frameworks (NIST, ISO, etc.)
- Strong organizational skills and the ability to multitask and switch priorities with short notice
- Strong business analysis, research and analytical skills
- Excellent communication skills and a strong understanding of information security fundamentals
- Availability to work off business hours as required
Preferred
- Relevant security certifications (CISSP, CISM, or CIPP)
- Demonstrated knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards
- 1+ years’ experience directly managing personnel, including hiring, developing, motivating, and directing people as they work
Morningstar is an equal opportunity employer.