Associate Lead, Information Security And Governance

Why join us Our purpose is to design for the good of humankind It s the ideal we strive toward each day in everything we do Being a part of MillerKnoll means being a part of something larger than your work team or even your brand We are redefining modern for the 21st century And our success allows MillerKnoll to support causes that align with our values so we can build a more sustainable equitable and beautiful future for everyone Governance Risk and Compliance Engineer Purpose Profile The MillerKnoll Governance Risk and Compliance Engineer will work collaboratively with the global cross-functional teams to centrally perform Cybersecurity and Privacy compliance data governance and risk management functions The engineer will have primary responsibility for managing the GRC platform implementing API and automations to support the cybersecurity and privacy practices and investigate the use of AI to improve the GRC This position works closely with the Legal Internal Audit Cybersecurity and Technology teams to help ensure that contractual policy control procedural legal and regulatory obligations are effectively defined and implemented The engineer must be collaborative and flexible while developing solutions that meet changing cybersecurity and privacy requirements while supporting business function needs This individual will help grow and mature risk and compliance processes to gain efficiencies and effectiveness in collaboration with all departments to ensure an acceptable risk posture for the organization This position requires a deep understanding of existing data protection laws and regulations such as the EU-GDPR and CCPA CPRA but also be focused on broader implications of protections as a function of information system lifecycle management and security and privacy by design The engineer must possess high standards of legal and business ethics and a demonstrated ability to understand technology independently problem solve analyze large quantities of data and clearly summarize and communicate facts Essential Functions Managing the GRC platform and all its modules Develop of compliance automation to improve business processes Investigates AI opportunities to improve the GRC functions Implements APIs between OneTrust and other systems to support GRC Controls and requirements Collaborate with key business partners on use cases for the GRC platform Develop documentation on how to use the GRC platform Train business partners on how to use the GRC platform Interpret and apply laws regulations policies standards or procedures to specific issues Work cooperatively with applicable organization units in implanting consumer information access rights Serve as liaison for the GRC platform to the organization Support privacy initiatives through Data Discovery Monitor systems development and operations for security and privacy compliance Additional Functions Stay current with compliance news and trends relevant to the business and industry Participate in providing support for compliance-related incidents Interface with other business units such as Cybersecurity to communicate program status and overall compliance and training posture Promote a positive security compliance culture through knowledge sharing influences and conduct Create and maintain role-specific documentation Assist with our government risk and compliance projects as time permits Knowledge Skills and Abilities Knowledge of Payment Card Industry PCI data security standards Knowledge of Personally Identifiable Information PII data security standards Knowledge of Personal Health Information PHI data security standards Knowledge of Risk Management Framework RMF requirements Knowledge of risk threat assessment Knowledge of laws policies procedures or governance relevant to Cybersecurity for critical infrastructures Knowledge of external organizations and academic institutions with a cyber focus e g cyber curriculum training and Research Development Knowledge of controls related to data use processing storage and transmission Skill in applying confidentiality integrity and availability principles Skill in conducting information searches Ability to communicate effectively when writing Ability to apply critical reading thinking skills Interpret and apply laws regulations policies standards or procedures to specific issues Provide ongoing optimization and problem-solving support Provide recommendations for possible improvements and upgrades Ability to tailor technical and planning information to a customer s level of understanding Ability to work across departments and business units to implement the organization s privacy principles and programs and align privacy objectives with security objectives Qualifications Education Experience Bachelor in Information Systems Cybersecurity or Business administration 4 years of relevant experience in Internal Audit Compliance or Information Technology Overall 10 years of experience preferably leading a team coaching or mentoring peers Licenses and Certifications One or more compliance certifications are preferred e g CIPP CIPM CIPT PCIP QSA CISA Who We Hire Simply put we hire qualified applicants representing a wide range of backgrounds and abilities MillerKnoll is comprised of people of all abilities gender identities and expressions ages ethnicities sexual orientations veterans from every branch of military service and more Here you can bring your whole self to work We re committed to equal opportunity employment including veterans and people with disabilities MillerKnoll complies with applicable disability laws and makes reasonable accommodations for applicants and employees with disabilities If reasonable accommodation is needed to participate in the job application or interview process to perform essential job functions and or to receive other benefits and privileges of employment please contact MillerKnoll Talent Acquisition at