Associate Director, IT Compliance, Security & Risk Management

Sumitomo Chemical Group Companies of America
Libertyville, IL (Hybrid)

About The Position

Responsible for safeguarding Valent USA and Sumitomo Biorational Company (SBC) by ensuring a strong IT control environment, robust cybersecurity operations, and enterprise risk mitigation. Leads the strategy and execution of IT compliance programs, including J-SOX, as well as day-to-day cybersecurity operations and broader risk management activities. Serves as the trusted advisor to IT and business leadership and drives continuous improvement of the control environment, shaping policies and practices that proactively mitigate risk, support audit readiness, and align with internal and external regulatory requirements. Requires strong cross-functional collaboration, a deep understanding of IT control frameworks, and the ability to operate with executive presence across the organization. Accountable for advancing SBC’s IT security and risk posture in alignment with global and regional standards.

Requirements

  • Deep understanding of internal control frameworks (SOX, J-SOX, COBIT, NIST, ISO 27001).
  • Working knowledge of cybersecurity tools, risk methodologies, and IT governance practices.
  • Proficient in designing and operationalizing IT controls across infrastructure, applications, and cloud platforms.
  • Experience leading cyber risk assessments, third-party/vendor risk programs, and audit readiness initiatives.
  • Familiarity with IT asset management, vendor risk management, and contract compliance.
  • Proven ability to lead cross-functional initiatives and influence at all levels of the organization.
  • Strong analytical skills and problem-solving mindset.
  • Excellent verbal and written communication skills, including executive briefings.
  • High integrity, sound judgment, and ability to manage confidential and sensitive information.
  • Bachelor’s degree in Information Technology, Computer Science, Business, or related field.
  • 10+ years of experience in IT compliance, audit, cybersecurity, or IT risk management, preferably in regulated, global environments.
  • Prior experience managing IT control programs and leading audits (J-SOX/SOX).
  • Experience with GRC platforms and enterprise technologies (e.g., SAP, Salesforce, cloud environments).

Nice To Haves

  • Master's degree or MBA preferred.
  • Relevant certifications strongly preferred: CISA, CISSP, CISM, CRISC, or equivalent.

Responsibilities

  • IT Compliance
      • Lead the development and execution of SBC’s IT Internal Control Framework aligned with J-SOX, SOX, and other applicable regulations.
      • Manage all phases of the J-SOX IT audit, working closely with Internal Audit, external auditors, and control owners.
      • Implement and operate GRC tools to track control lifecycle, manage evidence, automate workflows, and generate reports.
      • Establish and monitor IT governance policies covering system access, change management, segregation of duties, and configuration controls.
      • Drive control self-assessments, issue remediation, and stakeholder accountability across IT and business teams.
      • Prepare and deliver executive-level updates on compliance status, audit risks, and remediation progress to ELT and Board-level forums.
  • Cyber Security
      • Oversee day-to-day cybersecurity operations and threat management activities.
      • Implement cybersecurity frameworks (e.g., NIST, ISO 27001) and ensure ongoing compliance with data protection regulations.
      • Collaborate with infrastructure and application teams to secure systems, networks, and enterprise applications.
      • Oversee cybersecurity awareness training, phishing simulation programs, and vulnerability remediation efforts.
      • Lead incident response planning, testing, and execution in coordination with global cybersecurity teams.
      • Establish and monitor key security metrics, perform risk assessments, and drive continuous security operations improvement initiatives.
  • IT Risk Management
      • Own the enterprise IT risk management framework, including periodic risk assessments, risk register management, and mitigation planning.
      • Guide risk-informed decisions across new system implementations, SaaS onboarding, vendor engagements, and major IT projects.
      • Collaborate with legal, procurement, and business functions to integrate IT risk considerations into contracts, licensing, and regulatory reviews.
      • Collaborate with business and IT stakeholders to implement effective mitigation strategies.
      • Support regional and global IT risk and compliance alignment initiatives.
      • Ensure alignment with regional/global risk management practices and support Sumitomo Chemical Americas compliance initiatives.

Benefits

  • High-quality healthcare coverage starting on day one, with options for medical (HSA/HRA), vision, and dental plans
  • 5% company contribution to your 401(k), plus a quarterly discretionary bonus
  • Immediate 100% vesting of all retirement contributions
  • Financial assistance programs to support your goals
  • Life and disability insurance for added security
  • Generous paid time off, including vacation, holidays, and volunteer days
  • Flexible work arrangements available