A mutually rewarding experience.
Work. Realize your ambitions. And realize there's more to being in business than just making a profit. That's the Mars philosophy. And the opportunity we offer every one of our Associates. An opportunity to take what you do and make it mean more for you, for those around you and for the planet. What you get here is challenging, interesting work. You get the tools you need to do a great job and you get to have the best possible people on your side to help you do it. And at the same time as getting to find ways to do business better today than we did it yesterday and driving a great career, you also get to build a more enlightened business and drive sustainability.
Because it's never just about a single person, a single project or a single brand. It's about how you can grab everything that's within your reach here and use it to pursue mutual, long-term gain. It's about having ideas. And ideals. Being prepared to risk failure because the promise of success means we'll all be a little better off. It's that mix of integrity and ambition that makes Mars such a special place to work. And why working here is always about more than just a job.
About Mars, Incorporated
Mars is a family-owned business with more than a century of history making diverse products and offering services for people and the pets people love. With almost $35 billion in sales, the company is a global business that produces some of the world's best-loved brands: M&M's, SNICKERS, TWIX, MILKY WAY, DOVE, PEDIGREE, ROYAL CANIN, WHISKAS, EXTRA, ORBIT, 5, SKITTLES, UNCLE BEN'S, MARS DRINKS and COCOAVIA. Mars also provides veterinary health services that include BANFIELD Pet Hospitals, Blue Pearl, VCA and Pet Partners. Headquartered in McLean, VA, Mars operates in more than 80 countries. The Mars Five Principles - Quality, Responsibility, Mutuality, Efficiency and Freedom - inspire its more than 100,000 Associates to create value for all its partners and deliver growth they are proud of every day.
***Role can sit in Chicago, IL or Mt. Olive, NJ***
Mars IS Security Governance exists to assess, communicate, and reduce risk to the Business. This requires deep & current expertise in the underlying technology, an up-to-date understanding of the industry & legal mandates, and strong background in securing a global enterprise.
Traditional Mars IS roles are only scoped for Units that buy services from Mars IS. Security roles are scoped for all of Mars. This includes non-traditional lines of business, such as Multi-Level Marketing, Emerging PetCare, and Veterinary Services. Governing these "non-Mars IS" Units requires skill sets in technology that are not standard to Mars and influencing skills not required of other parts of the organization.
This role is to evaluate and understand the threat landscape on a Global/segment basis as required, and to be a deep, subject matter expert capable of providing input into programs as countermeasures to the emerging threats. This role focuses on risk related to compliance with Audit Standards, Payment Card Industry Standards, Policy, and Standards.
- Audit Program
  - To have accountability for developing and enhancing the Mars IS controls framework
  - Responsibility for educating control owners on the controls framework
  - Leading control owners through the process of developing control processes to meet Mars control objectives
  - Creating and communicating quarterly reports on audit program compliance to key stakeholder groups up to and including:
    - Information Risk Council (Chief Information Officer, Chief Compliance Officer, Chief Privacy Officer, Corporate Controller, Corporate P&O, Corporate Security)
    - IT Audit Steering Group (Internal Audit Director, IT Audit Director, Corporate Controller, Financial Controls Director, Information Security Director, Core Services Director)
- Payment Card Industries (PCI) Standards
  - To provide a Learning and Development intervention where required to educate Mars (and 3rd Party) associates on our PCI program, its requirements, and Mars strategies for compliance
  - To develop processes to standardize collection and reporting of compliance related materials.
  - To lead PCI related projects (such as gap assessments, annual audits, and assessments of new acquisitions)
- To act as a subject matter expert for the EMEAI and Asia-Pacific regions for security governance, risk mitigation and risk analysis
- To participate in steering groups to provide security requirements for major projects (i.e. user access review, controls framework, security exceptions, and identity management) and to contribute to the security elements in the IT Operating Model in order to minimize security risks across the organisation
- Acts as a key technical expert in Mars policy development and attestation. This responsibility has a global scale.
Context and Scope:
- The role-holder needs to be a true subject matter expert, while also possessing strong communication skills in order to convey technical messages comprehensively to varying groups of stakeholders.
- The associate needs to ensure the right level of risk mitigation/management in accordance with global standards and Mars tolerance for risk.
- It is imperative that the position can also explain the 'why' in terms of connecting Security requirements to our Mars Inc. strategies and the business benefits and risk mitigation that this creates
- The role-holder needs to be able to drive stakeholders to compliance, without introducing undue risk to Mars.
- It is essential that they can act independently and define risk posture in line with corporate risk appetite.
- The role-holder needs to have an in-depth knowledge of the operating environment in specific countries and a comprehensive understanding of the legal/legislative framework in each territory.
Education & Professional Qualification:
- Bachelor's degree or equivalent
- Candidate should have circa 10 years of experience in IT and Information Security. This experience should be across domains such as Infrastructure, Application Security, Identity, Authentication, and Audit.
- Candidate should have experience in designing and implementing information solutions.
- Three to five years' experience in either CPG or information risk governance preferred
- Strong Communication / Presentation / Informing with good evidence of influencing stakeholders and transmitting an engaging vision and strategy to others
- Strong Business Acumen of the FMCG/CPG industry is preferable.
Mars is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law. If you need assistance or an accommodation during the application process because of a disability, it is available upon request. The company is pleased to provide such assistance, and no applicant will be penalized as a result of such a request.