DE Jobs

Job Information

Papa John's International Information Governance, Risk and Compliance Manager in Louisville, Kentucky

Job Summary

As the Information GRC Manager, you will be a critical part of the Papa Johns global information security team. We are looking for a thought leader in information governance, risk, and compliance to join us and expand our overall security program! As a highly visible and key member of the team, you’ll be responsible for the strategic and technical implementation that drives our data governance, audit, and vendor risk management efforts. You will ensure that our data practices conform to all legal and regulatory privacy and security requirements, and that all stakeholders understand and comply with requirements. The ideal candidate will not only have strong leadership in data governance, risk and compliance but will have the technical aptitude and creativity to implement training solutions, configure systems to label/classify data and set up data loss prevention technologies. This role will work closely with internal and external auditors to ensure we maintain our compliance certifications (e.g., PCI, NIST, GLBA) and can effectively communicate and implement actionable strategies. If you are a proactive self-starter and looking for a role that will allow you to roll up your sleeves and implement meaningful change, this could be the perfect fit!

Role Responsibilities

• This role will be responsible for leading and implementing tasks for global governance projects to ensure complete and accurate data inventories and establish and enforce retention policies and schedules.

• You will configure multiple systems to label, classify and establish compliance policies for sensitive and unstructured data at rest.

• You will configure and monitor data loss and establish exfiltration policies.

• Define, create, and implement data governance policies, standards, and procedures that address data, security, access, and usage.

• You will inventory unstructured data and develop data retention standards for all electronic and paper-based data. This will include leading multiple project activities cross functionally to ensure data is destroyed and deleted appropriately.

• The successful candidate will serve as a subject matter expert in the development, implementation and management of our current data governance framework and collaborate closely with various teams, reporting overall project plans and accomplished action items to the executive committee each month.

• Develop data governance training through newsletters, videos and in-person training.

Internal and External Audits

• You will be the main point of contact for all internal and external security compliance audits (PCI, NIST, GLBA, etc.). You will provide evidence of compliance to auditors and ensure cross-functional teams are meeting requirements prior to onsite audits.

• You will be extremely well versed in PCI for cloud-based solutions and can effectively communicate how the internal security teams, development teams and infrastructure technologies and processes meet compliance.

• Able to pull evidence from multiple tools including but not limited to logs, Active Directory, endpoint detection systems, and cloud-based configurations.

• Proactively stay informed of the latest legal, compliance and regulatory changes that impact the organization and assess for compliance with the continuously evolving requirements.

Third-party Vendor Management

• Evaluate and provide continuous monitoring for new and current third-party vendors ensuring minimum thresholds are maintained for security.

• Perform ad-hoc security metrics on vendor compliance as needed to support department needs.

• Work effectively with teammates and earn credibility from stakeholders by establishing and maintaining strong working relationships with business partners.

• Foster relationships with senior management, across a range of functions including Internal Audit, Legal and Technology.

Other

• Assist the VP of Information Security and Compliance with reporting, metrics, and policy development as needed.

It is the policy of Papa John’s to provide equal employment opportunities for all applicants and team members without regard to race, color, religion, sex, age, marital status or civil partnership, national or ethnic origin, pregnancy or maternity, veteran status, uniformed service (as defined by 10 U.S.C. §101 (a)(5)), protected disability status, genetic information, sexual orientation, gender identity, gender reassignment, or gender expression, or any other characteristic protected by statute or law.
