Risk and Compliance Specialist
London, ON or New York, NY (Hybrid)
Who we are:
Founded in 2012, automotiveMastermind is a leading provider of predictive analytics and marketing automation solutions for the automotive industry and believes that technology can transform data, revealing key customer insights to accurately predict automotive sales. Through its proprietary automated sales and marketing platform, Mastermind, the company empowers dealers to close more deals by predicting future buyers and consistently marketing to them. automotiveMastermind is headquartered in New York City. For more information, visit automotivemastermind.com.
At automotiveMastermind, we thrive on high energy at high speed. We’re an organization in hyper-growth mode and have a fast-paced culture to match. Our highly engaged teams feel passionately about both our product and our people. This passion is what continues to motivate and challenge our teams to be best-in-class. Our cultural values of “Drive” and “Help” have been at the core of what we do, and how we have built our culture through the years. This cultural framework inspires a passion for success while collaborating to win.
What we do:
Through our proprietary automated sales and marketing platform, Mastermind, we empower dealers to close more deals by predicting future buyers and consistently marketing to them. In short, we help automotive dealerships generate success in their loyalty, service, and conquest portfolios through a combination of turnkey predictive analytics, proactive marketing, and dedicated consultative services.
What you will do:
We are looking for an experienced Risk and Compliance Specialist to review our risk profile and to develop and implement new risk management policies and procedures. In this role, you will work to identify risks that could impair our reputation, information security, or general operations and suggest ways to mitigate or eliminate them entirely. You will ensure that our company remains fully compliant with relevant local, state, and federal regulations for our industry. Annual compliance responsibilities ensure the organization complies with the SOC 2 and ISO 27001 frameworks as they relate to Security, Privacy, Processing Integrity, Confidentiality, and Availability. Technologies in scope include computer systems, infrastructure, applications, IT systems, and networks. As a Risk and Compliance Specialist, you will be responsible for managing all aspects of risk to the organization, its employees, clients, reputation, assets, and the interests of stakeholders. Specific risk areas include corporate governance, information security, regulatory compliance, insurance, and operational risk. The Risk and Compliance Specialist will report directly to the VP, Information Security Systems and Technology.
A Successful Risk and Compliance Specialist will:
Design, implement and lead a global risk management strategy for the organization supporting annual SOC 2 and ISO 27001 frameworks
Collaborate with IT, Legal, HR, InfoSec, Architecture and DevSec Operations embedding a risk aware culture throughout the org
Establish and quantify the organization’s 'risk appetite' and ensure risk approach adheres accordingly
Perform annual Risk Assessments, Business Impact Analysis, Risk Acceptance Criteria, Quarterly UAR
Develop Risk Treatment Plans and Mitigation Strategies reducing overall risk profile
Oversee 3rd Party Risk Governance, identify critical/high operational dependencies and report scorecards
Perform 3rd party risk assessments leveraging Standard Information Gathering questionnaires
Monitor and report Key Risk Indicators measured based on likelihood, impact and risk
Facilitate annual internal audit via parent company and/or 3rd party assessments
Develop and implement security policies, standards, and procedures; e.g., Risk Assessment, Vendor Management
Horizon scan to increase awareness of risks affecting the business and emerging trends
Ensure compliance with regulatory obligations while taking a commercial and practical approach to risk based challenges and offer appropriate solutions
Ensure senior management remain informed of regulatory, legislative and best practice changes and their obligations under these changes and how they impact the org
Provide regular reports to boards, risk liaison teams, and other relevant bodies detailing any current issues or information as required
Corporate governance involving external risk reporting to stakeholders
Ensure minimum insurance requirements and liabilities are met prior to finalizing agreements
Provide support, education and training to staff to build risk awareness within the organization
Provide proactive and practical regulatory advice to business managers and support functions
Manage the successful delivery of compliance projects ensuring technical excellence and a practical/business driven approach.
Work closely with key stakeholders to understand the business requirement for projects, develop effective working relationships during project implementation and ensure business as usual ownership is understood by management
Minimum Requirements:
Bachelor’s degree in Risk Management, Human Resources, or a related field
Minimum 4 years of experience in Risk Management, Compliance, or similar areas
Expert knowledge of CCPA, VCDPA, CPA and evolving regulatory environment both onshore and offshore covering all service lines offerings
Must have an understanding of US privacy laws and state-level privacy regulations
Must be able to demonstrate a broad technical knowledge and expertise covering conduct of business matters, corporate governance matters and regulatory risk and regulatory change matters
Practical and commercial approach to problem solving
Experience influencing behaviors at all levels of the organization
Proven track record of delivering enhancements to process efficiency
Ability to produce and present effective presentations and training sessions.
Governance, Risk and Compliance Professional certification (GRCP), Certified Information Systems Security Professional (CISSP), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC)
Compensation/Benefits Information (US Applicants Only):
S&P Global states that the anticipated base salary range for this position is $51,000 to $102,000. Final base salary for this role will be based on the individual’s geographical location as well as experience and qualifications for the role.
In addition to base compensation, this role is eligible for an annual incentive plan.
This role is eligible to receive additional S&P Global benefits. For more information on the benefits we provide to our employees, visit https://spgbenefits.com/benefit-summaries/us
Expected Hours of Work:
This is a full-time position. Generally, work is performed Monday through Friday, though holidays and weekends may be required.
We believe in equal employment opportunities:
The company provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, the company complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
The company expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of the company’s employees to perform their job duties may result in disciplinary actions up to and including discharge.
-----------------------------------------------------------
Equal Opportunity Employer
S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.
-----------------------------------------------------------
20 - Professional (EEO-2 Job Categories-United States of America), IFTECH202.1 - Middle Professional Tier I (EEO Job Group)
Job ID: 290193
Posted On: 2023-08-22
Location: London, Ontario, Canada