Information Security Risk

Information Security Risk & Compliance Specialist is seen as an individual contributor within their team. They are competent at managing their time, have interpersonal and collaboration skills. They do not manage other individuals and are typically managed. The decisions they make impact their team or specific area of support. As individual contributors, they are considered members of a group or team focused on delivering business goals by following structured processes and procedures to deliver results. They will work on mid to large-size tasks where they are responsible for the work - their contribution is measured by their ability to complete the work assigned to them. Their contribution is limited to the mid to large-size tasks assigned, and the success or failure to complete their work can impact others.

Key Responsibilities

• Preparation for International certification Standards Organization (ISO) 27001
• Participate in global risk management projects from planning through fieldwork and reporting
• Collaborate with the business to mitigate risk and drive actions that are pragmatic and achievable
• Review work papers, including planning documents and audit reports, to ensure clear identification of risks and issues
• Communicate review findings timely and collaborate with process owners to develop creative yet practical recommendations to remediate findings
• Develop and document risks for critical system elements, as appropriate
• Review and identifying IT processes for any significant issues and variances, initiating, where necessary, corrective actions, and ensuring that all outstanding issues are followed up
• Draft and publish security and risk management documents.
• Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.
• Provide risk management guidance for the development of the Disaster Recovery and Business Continuity of Operations Plans.
• Develop policy, programs, and guidelines for implementation.
• Provide recommendations for possible improvements and upgrades.
• Review, conduct, or participate in audits and risk assessments.
• Draft and publish security and risk management documents.
• Develop methods to monitor and measure risk, compliance, and assurance efforts.
• Interpret and apply applicable laws, statutes, and regulatory documents and integrate them into policy.
• Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities.

Qualifications

• 5 years+ of IT or a related discipline experience.
• Analytical and conceptual skills.
• Strong oral and written communication skills, including technical writing.
• Knowledge of a broad range of standards and frameworks — for example, International Standards Organization (ISO) 27001, IT Infrastructure Library, and ISO 20000 family.
• Knowledge of common risk management methodologies — for example, Control Objectives for
• Information and Related Technology and Committee of Sponsoring Organizations Enterprise Risk Management.
• Must have solid systems and process orientation.
• Ability to communicate clearly and concisely, both orally and in writing, and lead presentations, training courses, and effective meetings.
• Demonstrated experience in implementing and assessing SOX related standards, guidelines, and other regulatory mandates.
• Ability to solve complex technical, managerial, or operational problems and evaluate options based on relevant information, resources, well-rounded experience, and knowledge
• Must be comfortable working remotely and lack of face to face time with colleagues and
• A high degree of initiative, dependability, and ability to work with little supervision.

PPG pay ranges and benefits can vary by location which allows us to compensate employees competitively in different geographic markets. PPG considers several factors in making compensation decisions including, but not limited to, skill sets, experience and training, qualifications and education, licensure and certifications, and other organizational needs. Other incentives may apply.

Our employee benefits programs are designed to support the health and well-being of our employees. Any insurance coverages and benefits will be in accordance with the terms and conditions of the applicable plans and associated governing plan documents.

About us:

Here at PPG we make it happen, and we seek candidates of the highest integrity and professionalism who share our values, with the commitment and drive to strive today to do better than yesterday – everyday.

PPG: WE PROTECT AND BEAUTIFY THE WORLD

Through leadership in innovation, sustainability and color, PPG helps customers in industrial, transportation, consumer products, and construction markets and aftermarkets to enhance more surfaces in more ways than does any other company.. To learn more, visit and follow @ PPG on Twitter.

The PPG Way

Every single day at PPG:

We partner with customers to create mutual value.

We are "One PPG" to the world.

We trust our people every day, in every way.

We make it happen.

We run it like we own it.

We do better today than yesterday – everyday.

PPG provides equal opportunity to all candidates and employees. We offer an opportunity to grow and develop your career in an environment that provides a fulfilling workplace for employees, creates an environment for continuous learning, and embraces the ideas and diversity of others. All qualified applicants will receive consideration for employment without regard to sex, pregnancy, race, color, creed, religion, national origin, age, disability status, marital status, sexual orientation, gender identity or expression. If you need assistance to complete your application due to a disability, please email

PPG values your feedback on our recruiting process. We encourage you to visit and provide feedback on the process, so that we can do better today than yesterday.

Benefits will be discussed with you by your recruiter during the hiring process.