General Electric Director of GRC IT Compliance (Digital Technology) Houston,Tx in Ft Worth, Texas
Baker Hughes, a GE company (NYSE:BHGE) is the world’s first and only full-stream provider of integrated oilfield products, services and digital solutions. Drawing on a storied heritage of invention, BHGE harnesses the passion and experience of its people to enhance productivity across the oil and gas value chain.
BHGE helps its customers acquire, transport and refine hydrocarbons more efficiently, productively and safely, with a smaller environmental footprint and at lower cost per barrel. Backed by the digital industrial strength of GE, the company deploys minds, machines and the cloud to break down silos and reduce waste and risk, applying breakthroughs from other industries to advance its own.
With operations in over 120 countries, the company’s global scale, local know-how and commitment to service infuse over a century of experience with the spirit of a startup – inventing smarter ways to bring energy to the world.
Follow Baker Hughes, a GE company on Twitter @BHGECo, or visit us at BHGE.com.
Searching for motivated candidate and a results-oriented leader to join our growing CSRC DT Controllership team as a Director, focusing on management of our global Risk & Compliance program. The ideal candidate will have hands-on experience managing the development, implementation, and enforcement of the compliance program as well as planning, directing, and administering risk management. This may include establishing risk tolerance guidelines and policies and ensuring the risk exposure of the organization is within these guidelines. Ensures maximum protection of the organization's assets. Develops and implements business continuity plans enterprise-wide, where applicable. Conducts periodic audits to assess compliance levels. Develops processes for effective and efficient reporting and data analysis to minimize risk exposure. Consults on an ongoing basis on related issues with managers and executives. Ensures conformance with applicable laws and regulations and ensures regular training is conducted on compliance issues.
Management of BHGE risk assessment programs and integrated risk project resources to establish baseline compliance across the organization.
Manage resources with responsibilities in the area on non-sox compliance of critical BIA systems, regulatory controls, records information management, and enterprise risk programs.
Develop and maintain a strategy for managing security related audits, compliance checks and external assessment processes for auditors, Payment Card Industry (PCI), Personally Identifiable Information (PII), General Data Protection Regulation (GDPR), Sarbanes-Oxley (SOX), and other applicable industry standards.
Act as risk leader for all of BHGE CRSC
Develop strategies and action plans to drive control maturity improvement in areas where controls do not adequately mitigate risks.
In conjunction with Legal, identify information management and protection laws and regulations and implement actions to ensure compliance.
Recommend strategies to ensure a common approach towards regulatory authorities and obtain internal efficiency.
Ensures a comprehensive understanding of existing requirements and ongoing monitoring of new requirements.
Coordinate and track all information technology and security related audits including scope of audits, business units involved, timelines, and outcomes. Liaise with Internal Audit, maintaining excellent relationships and provide transparency
Provide guidance, evaluation and advocacy on audit responses.
Consult and lead the development and implementation of effective and reasonable policies and practices to secure sensitive data and ensure security and compliance with contracts, regulatory requirements, and industry standards.
Manage the 3rd party risk assessments process to ensure risk transparency and business acceptance, contractual obligations and enable risk-based decision making
Partner with business and technology leaders in ensuring new and existing business relationships adequately address information security risk through vendor management, security engineering engagements, and security assessments of processes and procedures.
Risk management evangelist for the organization
Manage specified GRC projects from inception to completion
Support leadership in establishing annual and long-term goals, defining risk and governance strategies, metrics, and reporting mechanisms.
Manage & Control Departmental Budgets to ensure effective budgeting and cost controls are implemented.
Departmental Administrative Duties - Manage and oversee multiple staff members and develop the careers of all resources.
Develop and manage the cybersecurity risk management strategy, framework and approach.
BA/BS in Business Administration, IT Management system, and other applicable Information Technology disciplines
Minimum 8+ years of relevant experience in IT Compliance/Audit and Security & the identification and remediation of control gaps.
Licenses or Certificates : CISSP, CRISC, CISM, CISA and/or COBIT certifications beneficial
Strong familiarity with governance and controls frameworks, such as NIST, SOX, COBIT, ITIL, PCI, etc.
Strong familiarity with audit standards such as ISO, SOC, and SSAE.
Strong familiarity with IAAS, SAAS and PAAS security methodologies and best practices.
Broad understanding of IT infrastructure, risk and compliance.
Expert level of Information Security policy development and process creation.
Knowledge of global regulatory standards specifically GDPR.
Experience with all of the following: application data security, business continuity, computer forensics, disaster recovery, incident response, network security, risk assessment, vendor management.
Experience in project management practices, tooling, and managing projects through the project lifecycle
Experience managing a team, consisting of company resources and supporting contractors
Strong analytical and problem solving skills, with demonstrated intellectual and analytical rigor
Strong communication skills, interpersonal skills, and presentation skills that allow effective interactions/communications with business partners across regional and/or functional lines
Demonstrated track record of technical expertise in enterprise risk management and internal audit functions
Understanding of different phases of IT risk that includes risk governance, assessment and response
Experience in performing IT risk and control assessments to verify compliance with various regulatory requirements and standards
Experience in creating reports to monitor remediation of IT findings and issues
Experience in creating IT risk metrics for the management
Experience with ISO controls and processes
Enterprise knowledge such as firewall/server/database – patching/encryption/access control and cloud security best practices, etc.
Technical writing/Documentation skills
Well organized/multi-task abilities
Critical thinker with solid problem solving capabilities
Able to handle confrontation and/or difficult conversations in a professional manner
Excellent MS Office Skills (Excel, Word, Outlook, etc.)
Demonstrates a logical and structured approach to time management and task prioritization.
Strong verbal and written communication skills - Needs to speak, present, and provide well-supported fact based positions in compliance meetings
Ability to work under pressure and to strict deadline
Strong leadership abilities with an executive presence
Broad knowledge of IT Compliance and Regulatory requirements specific to confidentiality, financial and technical accountability.
Broad knowledge of IT Methodology, Guidelines and Procedures.
Broad knowledge of IT Security protocols and best practices.
Ability to multi-task with several complex and demanding concurrent projects.
Proven ability to lead Team Members across various projects.
Strong business acumen and communication skills (both written and oral).
Ability to clearly interpret and communicate the threats, risks and impacts to all levels of the organization.
Experience performing audits, security, vulnerability, penetration tests, or assessments and evaluations.
Must be authorized to work in the US without sponsorship
MBA, or Masters a plus
Project Management Professional (PMP) certification
Experience with RSA Archer GRC
Proven ability to lead, motivate and build teams that deliver services and solutions that surpass client expectations.
Previous experience leading and executing complex projects in challenging environments.
Excellent communication, organizational and time management skills with ability to manage multiple priorities and meet deadlines
Analytical and Detail Oriented
Action oriented and drive results
Adaptable to changing environment
Houston, Texas – Aldine Westfield Drive
Baker Hughes, a GE company is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. Learn more at https://www.eeoc.gov/employers/upload/posterscreenreader_optimized.pdf
Locations: United States; Texas; HOUSTON
GE will only employ those who are legally authorized to work in the United States for this opening.