IT Security and Compliance Director
Who is Swire Coca-Cola? We are one of the largest bottlers of Coca-Cola and other beverage brands in America. Our 7,000 hardworking and passionate employees produce and distribute more than 300 brands and flavors across 13 states. We have as many careers as we have flavors, and regardless of which role you choose, you have a direct impact on Swire Coca-Cola, our products, and the communities we call home.
At Swire Coca-Cola, our commitment to excellence is what guides our actions with our employees. We offer a comprehensive benefits package for full-time associates which includes: Medical, Dental, Vision, 401K, Paid Vacation, Paid Holidays and Company Discounts.
IT Security and Compliance Director
Purpose: This position will be responsible for securing all technology and ensuring IT compliance, companywide. There are two primary components of this position: 1) IT Security, 2) IT Compliance and Audit.
This role will have responsibility for all IT security and compliance related projects and processes within the business including process creation, development, implementation, monitoring and improvement, and any other security and/or compliance related assignments as business needs require.
- Develop a security governance program and security projects that address identified risks and business security requirements.
- Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing a realistic overview with dashboards of risks and threats in the enterprise environment.
- Work with the CIO to develop budget projections based on short and long-term goals and objectives.
- Manage and report on compliance with security policies, as well as the enforcement of policies within the IT department. Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
- Define appropriate procedures for securing and testing the Swire network from internal and external attacks. Facilitate and manage 3rd party external and internal network security testing.
- Monitor security appliances and applications such as firewalls, anti-virus programs, filtering utilities and other solutions to block harmful and inappropriate apps, programs, websites and otherwise harmful content from entering or existing within the network. Test the system through use of “phishing” email, social engineering, and other known exploits that currently exist and implement changes based on results.
- Manage, implement, test, configure and monitor network security, including password complexity, two-factor authentication, and any other processes, for access to systems with sensitive and critical information. Monitor and test to verify security of not only Swire’s local systems, but also of vendors/partners including CONA. Streamline the user experience while maintaining adequate application, data, cloud, and network security.
- Work with all applicable departments and functional groups, via change control, to minimize business impact and accomplish desired results. Understand compliance process and controls within IT department. Identify required changes necessary within each control and create detailed plan to achieve expected results for each control.
- Maintain IT Security Incident Response plan to ensure the plan is documented, communicated, and is consistent with the SCCU’s overall IMCR (incident Management/Critical Response) process.
- Assist in leading the Data Privacy program by conducting Privacy Impact Assessments on all on-premise and third party solutions.
- Bachelor’s degree or higher required.
- 10+ years’ experience in IT field required.
- 3 years Network Security experience required.
- 3 years Audit and Compliance experience required.
- 3 years Microsoft Windows/Server OS experience required.
- Understanding of network firewall management required.
- Understanding of network and network systems required.
- Knowledge of firewall set-up, configuration and maintenance required.
- English required, Mandarin and/or Cantonese is a plus.
- Strong analytical skills and strong attention to detail.
- Strong time management skills. Self-starter who can prioritize work and estimate effort required.
- Must be able to communicate effectively in speech, group presentations and writing.
- Ability to work with others in both individual and team settings.
- Facilitate meetings, define and communicate goals and measure success.
- Position will require interaction with employees and vendors at all levels, including senior management.
- Travel as business needs require.
- Extended hours as business needs require.
- Certifications (recommended): CISSP, SANS, Security+, ISACA, CREST, and/or other vendor-specific certifications preferred.
- 3 years SAP authorization experience.
- Active Directory administration knowledge.
- Two factor authentication knowledge.
- Knowledge of SAP authorizations.
- Familiarity with PCI (payment card industry) technical requirements.
- Knowledge of penetration testing protocols.
- Project Management experience.
Swire Coca-Cola, USA is an equal employment opportunity and affirmative action employer that participates in the E-Verify program as required by law. All qualified applicants will receive consideration for employment without regard race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status or other legally protected characteristics.
- Pay Type Salary
- Draper, UT, USA