Career Oppurtunities

Positions Available:

IT  RMD / National Affiliate Manager:

The Information Technology (IT) Risk Management Director and NAM supports the Head of Operational Risk Management (ORM) in the execution of the operational risk framework focusing on IT risks and controls. This position is responsible for managing the IT risk identification and risk and control assessment processes for CBD PLUS STORE and its affiliates, while promoting IT risk awareness throughout the organization.


Essential Job Duties & Responsibilities

  • Leads, develops, implements and maintains the IT risk management strategy, processes and procedures, while actively promoting IT risk awareness across CBD PLUS STORE and its affiliates.
  • Responsible for analysis of IT risk and control assessments across Infrastructure and Application assets, including Information Security, Application Management, Disaster Recovery, emerging technologies, vendor security, and IT regulatory compliance across CBD PLUS STORE and its affiliates.
  • Review and constructively challenge management risk assessments and help ensure a consistent understanding of technology-related risks throughout the organization amongst relevant stakeholders.
  • Maintain up-to-date knowledge and understanding of technology trends, security threats, infrastructure vulnerabilities, and business dependencies on reliable IT that could impact the company’s risk profile.
  • Develop and maintain close working relationships with other functions, serving as a liaison between ORM technology and other business and business teams on risk-related communications.
  • Assess the Information Security program including organizational design and key processes.
  • Develop clear, accurate, and timely technology-related risk management information for risk reports.
  • Maintain the register of material IT risks and monitor risk mitigation plans.
  • Review and evaluate incident management root cause analysis.
  • Support risk management activities for third-party IT risks.
  • Work collaboratively with other risk, control and compliance functions in the development of and execution of risk assessments.
  • Identify and integrate leading practices into the IT risk management process.
  • Support assessments and testing of controls for SOC1/SOC2, PCI and other compliance activities.

Qualifications Job Requirements (Knowledge, Skills & Abilities)

  • Demonstrated proven success in one or more technical leadership roles in the following: IT, Risk Management or Information Security.
  • Demonstrated understanding of comprehensive security programs, including technologies and tools, architectures, network and application design, including an understanding of the business impact of related technology risks.
  • Demonstrated extensive knowledge of information security standards: ISO, HIPPA, COBIT, etc.
  • Ability to thinks and act strategically and tactically with sound business judgment.
  • Proven leader with a track record of setting priorities, resolving issues and conflicts, providing guidance and delivering results through a geographically dispersed team.
  • Highly developed business acumen, with a pragmatic approach to solving problems and implementing solutions.
  • Thorough understanding of IT general controls (ITGC), systems development processes (SDLC), IT strategy setting, and networking and operations practices.
  • Excellent listening and communication skills with the ability to effectively interface with senior leaders and facilitate group discussions.
  • Ability to travel 25% of the time, with flexibility around dates and times.

Education and Experience Required

  • Bachelor’s degree in Information Systems, Computer Science, Engineering or related field required.
  • 8+ years of leadership experience in IT infrastructure, systems development, or systems risk, audit and control management.
  • Obtained or actively pursuing of one or more of the following certifications: Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Risk Information System Control, (CRISC) certifications, or other related certifications, or is willing to obtain within one year of hire.
  • Financial services industry experience preferred.

Software Engineer: Requirements Pending
Purchasing Manager: Requirements Pending
Warehouse Manager: Requirements Pending
Accounts and Receivables Manager: Requirements Pending

Send Resume to