Espec TI Gov, Risco e Compliance
Candidatar-se agora »Data: 6 de dez. de 2024
Localização: Sao Paulo, São Paulo, BR, 05423-010
Empresa: Bunge
Bunge has an exciting opportunity available for Specialist, Governance, Risk and Compliance. In this role you will be part of a global team working on challenging, meaningful projects impacting core business activities. Since 1818, Bunge has been connecting farmers to consumers to deliver essential food, feed, and fuel to the world. Looking to the future, our ambition is to continuously reinvent ourselves, leveraging data to be at the forefront of analytics, technology and talent to accomplish our purpose in a better, faster and simpler way. Bunge is committed to operating and thriving in the digital world – creating world class agile teams where teammates are empowered and encouraged to collaborate and test and learn to succeed.
At Bunge, people don’t just come here to work, they come here to grow – solving challenges that directly impact the world with a diverse team of thinkers and doers. Bunge offers a strong compensation and benefits package, generous paid time off program, flexible work arrangements, and opportunity to progress. Our hybrid work environment provides a balance of in-office and remote work.
Most importantly, in all we do we live our values:
Act as One Team by fostering inclusion, collaboration, and respect
Drive for Excellence by being agile, innovative and efficient
Do What's Right by acting safely, ethically, and sustainably
Overview
The Specialist, Governance, Risk and Compliance demonstrates a high level of professionalism, prioritizing the effective management of cybersecurity governance, risk, and compliance activities. This role will perform, and continuously improve the governance of policies and standards and their integration into processes and controls designed to deliver critical BT services and aligned with applicable industry best practices and standards (e.g., NIST, ISO, COBIT, PCI DSS). This role will perform, and continuously improve Risk Management assessments, risk registration, prioritized risk remediation, third party and application evaluations, and will maintain the risk register in Bunge’s Governance, Risk and Compliance automation to support the overall effectiveness of the BT organization.
Essential Functions
- Serve as liaison to coordinate Governance, Risk, and Compliance activities with key stakeholders to enable effective Cybersecurity policies and standards, exceptions management, enablement and training, and the alignment against applicable industry best practices (e.g. NIST, ISO, COBIT, PCI DSS) as needed. Facilitate effective audits, compliance reviews, and other internal control-based activities for the Business Technology (BT) organization. Ensure proper engagement, effective root cause analysis, and the development of meaningful and sustainable management action plans.
- Implement and perform periodic internal control testing procedures and maturity assessments to evaluate the operating effectiveness of BT and Cybersecurity internal controls and related capabilities.
- Define and identify control gaps, provide recommendations for control process improvements, and support control owners’ corrective action plans for remediation.
- Implement and perform compliance and controls assurance processes and procedures to mitigate risks and ensure adherence to regulatory requirements.
- Conduct risk assessments, internal audits, and investigations to identify and address potential compliance issues.
- Develop content for comprehensive cybersecurity awareness programs and initiatives to educate employees and stakeholders about cybersecurity risks and best practices.
- Effectively utilize process automation and reporting through Bunge’s Governance, Risk and Compliance (GRC) automation.
- Actively collaborate and support partner functions across Bunge’s Governance, Risk and Compliance functions, and with stakeholders throughout BT and Cybersecurity.
- Executes short to mid-term strategic initiatives driven by the department, including collaboration with partner Governance, Risk and Compliance functions.
- Recognized as an expert, both internally & external to Bunge in the design, performance and continuous improvement of governance, risk and compliance related services and capabilities.
- Supports BT compliance with legal and regulatory requirements and adherence to internal control objectives, minimizing BT and Cybersecurity risk & avoiding potential penalties to the organization.
- Works closely with business units to identify and address compliance gaps, helping to protect the company from financial, legal, and reputational risks.
- Supports the evaluation, prioritization, registration, monitoring, and mitigation of of risks and compliance and control deficiencies through collaboration with various functions within BT and across various Bunge business stakeholder groups (e.g., Internal Audit, Legal, Compliance, Privacy).
- Provides valuable insights and recommendations to enhance the compliance framework and promote a culture of compliance throughout the organization.
- Leverage industry experience and knowledge of applicable best practices, frameworks, and guidance to define effective programs, monitor and strengthen internal controls, risk-prioritize requisite remediation, and to improve the overall posture of Bunge’s BT and Cybersecurity internal control environment.
- Solve highly complex, multidimensional problems that require extensive investigation and advanced application of expertise to determine root cause, to advise leadership on appropriate remediation methods, and to mitigate or remediate internal controls to an acceptable level of residual risk, across various functional areas of Business Technology and Cybersecurity, including longstanding or unprecedented improvements without a historical precedent.
- Leverage both a measured reactive and a deliberate proactive approach to the assurance and continuous improvement of BT and Cybersecurity internal controls, staying informed of emerging industry trends and techniques and changes in regulations to ensure continuous compliance.
- Effectively partner with colleagues within Bunge’s Governance, Risk and Compliance function, across BT and Cybersecurity, and with various business stakeholders to ensure the adequacy and sufficiency of internal controls and supporting capabilities.
- Actively contribute to large global projects that include governance, risk and compliance related capabilities and scope to ensure adherence to applicable policies, assurance of control performance, and the achievement of team and program goals.
- Partner with critical stakeholders during audits, risk assessments, compliance reviews, and other internal control-based activities to ensure proper engagement, effective root cause analysis, and the development of meaningful and sustainable management action plans.
- Supports the remediation of compliance and control deficiencies through collaboration with various functions within BT and across various Bunge business stakeholder groups (e.g., Internal Audit, Legal, Compliance, Privacy).
- Educate BT leadership and functional areas about design adequacy, operating effectiveness, and techniques to ensure continuous compliance and improvement.
Qualifications
- Bachelor's degree in computer science or information systems, risk management, accounting, finance, or equivalent combination of education and work experience.
- 7+ years of experience in compliance and controls assurance, internal audit, or a related field.
- Extensive knowledge of Sarbanes-Oxley compliance required.
- Knowledge of Payment Card Industry (PCI) compliance, GDPR (General Data Protection Regulation) compliance or other applicable compliance programs preferred.
- Demonstrated experience in the monitoring and improvement of Information Technology general controls, Cybersecurity controls, and/or compliance programs required.
- Solid understanding of Governance, Risk and Compliance methodologies and effective automation through GRC tooling. Experience with Archer GRC preferred.
- Proven experience implementing Information Technology and Cybersecurity frameworks required. Possible examples include, but not limited to: COBIT, NIST CSF, ISO 27k.
- Certifications such as CIA, CISA, CGEIT, CISSP preferred.
- Ability to manage and execute numerous parallel activities in a fast-paced, dynamic environment.
- Ability to build and maintain constructive and collaborative working relationships with a diverse community throughout the organization.
- Ability to effectively communicate in both written and verbal manner to influence both technical and non-technical audiences at all levels of the company including executives.
- Excellent analytical and problem-solving skills
- Actively shapes our company culture (e.g., supporting employee resource groups, mentoring employees, volunteering, joining cross-functional projects)
- Champions our cultural norms (e.g., willing to have cameras when it matters, helping onboard new team members, building relationships, etc.)
- Demonstrate a company ownership mindset, thinking beyond boundaries of their own area
- Ability to work with limited direct management to participate in governance, risk and compliance related efforts, improve practices, coordinate cross functional activities and to successfully deliver strategic outcomes.
- Recognized as an expert in internal controls, effective demonstration of compliance, and applicable remediation and mitigation techniques within the organization.
- Can apply both a measured reactive and a deliberate proactive approach to the assurance and continuous improvement of BT and Cybersecurity internal controls, staying informed of emerging industry trends and techniques and changes in regulations to ensure continuous compliance.
- Leverage industry experience and knowledge of applicable best practices (e.g., COBIT, NIST CSF, ISO 27k) frameworks, and guidance to establish effective governance, strengthen internal controls, risk-prioritize requisite remediation, and to improve the overall posture of Bunge’s BT and Cybersecurity programs.
- Apply expertise to determine root cause, to advise leadership on appropriate remediation methods, and to mitigate or remediate internal controls to an acceptable level of residual risk, across various functional areas of Business Technology and Cybersecurity, including longstanding or unprecedented improvements without a historical precedent.
- Ability to work independently and as part of a cross functional team.