Information Security Compliance Manager

Who We Are:

Kontoor Brands, Inc. (KTB) is the parent company of Wrangler®, Lee® and Rock & Republic®, with owned manufacturing facilities in Mexico and Nicaragua. Kontoor also owns and operates over 140 retail stores across the globe. Our global company employs more than 15,000 people in 65 countries, with world headquarters in Greensboro, North Carolina, and regional headquarters in Geneva and Hong Kong.

Job Posting:

The Global Risk and Compliance team is looking for a Compliance & Privacy Manager to join their team.  This individual will work with the Director of GRC to develop IT compliance programs focused on SOX, PCI and Privacy regulations; oversees assessments and collaborates with cross-functional teams to maintain a strong compliance posture. Coordinates work of GRC analysts and cross functional IT teams to perform required reviews (access, SoD, etc), ensures processes are in place to address Privacy operations and provides requirements for data protection program.

This role also directs, delivers, and ensures delivery of training so staff members know how to maintain the compliance of their areas of responsibility.

Key Responsibilities:   

• Support Controller of Accounting & Reporting to develop and supply requirements for SAP GRC Rules (including mitigating controls) to IT IdAM Operations

• Performs or oversees information security assessment/analysis, mitigation and remediation. Advise in implementing solutions and mitigation plans for control deficiencies; regulatory and compliance gaps and make recommendations for process efficiencies.
• Conducts related ongoing security compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions.
• Partners with Information Security Awareness to oversee, develop and provide compliance training to the workforce. Educate and coach internal Technology teams on technology risk, audit, and control principles.
• Ensures timely completion of User Access, Privileged Access and Segregation of Duties and other control Reviews
• Collaborate cross-functionally with teams including Legal, Privacy, Internal Audit, IT Risk Management, IT Security, external consultants and auditors on assessments, process improvements, documenting standards and procedures, and ensuring deadlines are achieved.
• Support IT risk, audit, and compliance reporting via consolidated dashboards to aid in executive management decision making process. Identify and report metrics to IT leadership on monthly basis
• Maintain current knowledge of appliable global, federal, and state information security laws and accreditation standards.
• Maintain required administrative processes such as meetings, training, budgeting, status reporting, etc.
• Oversees work of GRC analysts to ensure timeliness and accuracy

Skills for Success:   

• Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives across multiple departments.
• Ability to identify risks associated with business processes, operations, information security programs and technology projects.
• Ability to develop working relationships with the business, and a broad understanding of business processes in order to translate technical issues into business-related decision points.
• Strong critical thinking and analytical skill.
• Ability to drive tasks forward with limited direction.
• Exceptional communication and presentation skills with diverse audience.

Experience/Education: 

• InfoSec certifications including CISSP, CISA, and CISM are desired
• Bachelor’s degree in an IT, Information Security or Audit related field of study, or equivalent experience
• Working in information security and/or IT audit
• Experience as a PCI Qualified Security Assessor (QSA) is preferred
• Working knowledge of key industry standards and security regulatory frameworks (SOC 1, SOC 2, SOX, PCI, COBIT 5, ISO, NIST, etc.) is desired
• Practical experience supporting Sarbanes-Oxley (SOX) compliance
• Experience working in a company using SAP (knowledge of Access Management/GRC within SAP)
• Experience in a global retail environment is preferred
• General knowledge of EU, US and other regional Privacy and Financial regulations

Special Physical and/or Mental Requirements:   

• None  

#LI-remote

Why Kontoor Brands?

At Kontoor, we offer a comprehensive benefit package to fit your lifestyle and our benefits are crafted with the same care as our products.

When our employees are healthy, secure and well, they bring their best selves to work. Kontoor Brands supports you with a competitive benefits program that provides choice and flexibility to meet your and your family’s needs – now and in the future. We offer resources to support your physical, emotional, social and financial wellbeing, plus benefits like discounts on our apparel. Kontoor Brands also provides four weeks of Paid Parental Leave to eligible employees who are new parents, Flexible Fridays and tuition reimbursement.

Our Kontoor D&I Mission

At Kontoor, we believe that D&I is a key enabler to a culture that empowers us to work with passion and confidence, shaping our brand and future.  

Our Kontoor D&I Commitment

• Create a global workforce of high-performing teams that both unlocks our individual uniqueness and harnesses our collaborative talents
• Ensure an equitable environment that attracts & promotes diverse workforce
• Foster inclusivity, ensuring employees feel they can bring their whole selves to work