IT Compliance Manager
The Area: The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role: The IT Compliance Manager will assist in supporting Morningstar’s compliance related responsibilities. This individual will help document security processes and procedures, ensure current and future compliance obligations are met, assist in identifying and following up on information security risks, respond to customer RFP’s, RFI’s and contract reviews and create metrics for reporting compliance status to senior management. This role will also be responsible for ensuring identity and access management controls are enforced. This position is based in our Chicago office.
+ Execute audit tests; identify issues and areas for improvement in efficiency and effectiveness of information technology operations
+ Manage and support Morningstar’s current and future compliance related responsibilities (SOX, SOC2, PCI-DSS, GDPR, SEC, etc.)
+ Monitor and enforce compliance to information security and compliance policies and standards
+ Document and manage security / policy / compliance exceptions where necessary
+ Manage periodic reviews of security policies, processes and procedures
+ Assist in responding to customer RFP’s, RFI’s and conduct relevant contract reviews
+ Monitor and enforce compliance to identity and access management controls
+ Collect and analyze security metrics related to risk and compliance for presentation to senior management
+ Assist with creating, publishing, presenting and maintaining security and compliance educational/training material
+ Contribute to quarterly Information Security newsletters
+ Liaise with Morningstar’s third-party audit personnel and facilitate audits as required
+ A bachelor’s degree and 4+ years’ experience in a risk, compliance, security, or IT auditor role
+ Excellent communication skills and a familiarity with common compliance standards (SOX, SOC2, PCI-DSS, GDPR, SEC, etc.)
+ Knowledge of common security frameworks (NIST, ISO, etc.)
+ Strong organizational skills and the ability to multitask and switch priorities with short notice
+ Strong business analysis, research and analytical skills
+ Availability to work off business hours as required
Morningstar is an equal opportunity employer.