Manager of Information Security
About the role
The Area:
The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role:
The IT Compliance Manager’s primary focus is to lead and manage the Information Security Compliance team’s effort and activities to ensure information security compliance, privacy and protection across Morningstar. This individual will act as a liaison between Information Security and the Business regarding compliance related issues and activities, execute compliance status reporting and metrics, lead the third-party risk management program, lead internal and external IT auditing processes, monitor information security and IT processes for compliance and policy issues and collaborate on risk vulnerability assessments. Provides technical expertise in all aspects of enterprise information security compliance for all applicable regulations. This role requires an individual who is well rounded – an exceptional multitasker, an effective communicator, is proactive, analytical and detail-oriented, possessing both strong technical and business skills and, operates well under pressure. This position is based in either our Chicago or Toronto office.
Responsibilities
- Lead, manage and support Morningstar’s current and future compliance related responsibilities (SOX, SOC2, PCI)
- Monitor and enforce compliance to information security and compliance policies and standards
- Execute audit tests; identify issues and areas for improvement in efficiency and effectiveness of information technology operations
- Document and manage security / policy / compliance exceptions where necessary
- Manage periodic reviews of security policies, processes and procedures
- Lead and manage the third-party risk management program
- Conduct relevant contract reviews for client security contracts
- Lead and directly manage a team of information security compliance analysts
- Liaise with Morningstar’s third-party audit personnel including internal, external, and client auditors and facilitate audits as required
- Ensure Morningstar processes are efficient and effective, and procedures are up-to-date, relevant, and adhere to compliance standards
- Plan, present and drive the strategic information security compliance program for Morningstar
Requirements
- A bachelor’s degree and 5+ years’ experience in a risk, compliance or IT auditor role
- Strong leadership and team development skills, with experience managing cross-functional and global teams.
- Excellent communication skills and a familiarity with common compliance standards (SOX, SOC2, PCI-DSS, GDPR, SEC, etc.)
- Demonstrated knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards
- Strong organizational skills and the ability to multitask and switch priorities with short notice
- Strong business analysis, research and analytical skills
- Excellent communication skills and a strong understanding of information security fundamentals
- Availability to work off business hours as required
Preferred
- Relevant security certifications (CISSP, CISM, or CIPP)
- 3+ years’ experience directly managing personnel, including hiring, developing, motivating, and directing people as they work
##Base Salary Compensation Range
$112,583.00-162,125.00
Incentive Target Percentage
20% Annual
Morningstar's hybrid work environment gives you the opportunity to collaborate in-person each week as we've found that we're at our best when we're purposely together on a regular basis. In most of our locations, our hybrid work model is four days in-office each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.
100_MstarResCanad Morningstar Research, Inc. (Canada) Legal Entity
Not the right fit? Search for Information Security jobs in Toronto, ON
About Morningstar
Morningstar, Inc. is a leading provider of independent investment insights in North America, Europe, Australia, and Asia. The Company offers an extensive line of products and solutions that serve a wide range of market participants, including individual and institutional investors in public and private capital markets, financial advisors and wealth managers, asset managers, retirement plan providers and sponsors, and issuers of fixed-income securities. Morningstar provides data and research insights on a wide range of investment offerings, including managed investment products, publicly listed companies, private capital markets, debt securities, and real-time global market data. Morningstar also offers investment management services through its investment advisory subsidiaries, with approximately $328 billion in AUMA as of Sept. 30, 2024. The Company operates through wholly-owned subsidiaries in 32 countries.
Similar jobs you might like
Manager of Information Security
About the role
The Area:
The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role:
The IT Compliance Manager’s primary focus is to lead and manage the Information Security Compliance team’s effort and activities to ensure information security compliance, privacy and protection across Morningstar. This individual will act as a liaison between Information Security and the Business regarding compliance related issues and activities, execute compliance status reporting and metrics, lead the third-party risk management program, lead internal and external IT auditing processes, monitor information security and IT processes for compliance and policy issues and collaborate on risk vulnerability assessments. Provides technical expertise in all aspects of enterprise information security compliance for all applicable regulations. This role requires an individual who is well rounded – an exceptional multitasker, an effective communicator, is proactive, analytical and detail-oriented, possessing both strong technical and business skills and, operates well under pressure. This position is based in either our Chicago or Toronto office.
Responsibilities
- Lead, manage and support Morningstar’s current and future compliance related responsibilities (SOX, SOC2, PCI)
- Monitor and enforce compliance to information security and compliance policies and standards
- Execute audit tests; identify issues and areas for improvement in efficiency and effectiveness of information technology operations
- Document and manage security / policy / compliance exceptions where necessary
- Manage periodic reviews of security policies, processes and procedures
- Lead and manage the third-party risk management program
- Conduct relevant contract reviews for client security contracts
- Lead and directly manage a team of information security compliance analysts
- Liaise with Morningstar’s third-party audit personnel including internal, external, and client auditors and facilitate audits as required
- Ensure Morningstar processes are efficient and effective, and procedures are up-to-date, relevant, and adhere to compliance standards
- Plan, present and drive the strategic information security compliance program for Morningstar
Requirements
- A bachelor’s degree and 5+ years’ experience in a risk, compliance or IT auditor role
- Strong leadership and team development skills, with experience managing cross-functional and global teams.
- Excellent communication skills and a familiarity with common compliance standards (SOX, SOC2, PCI-DSS, GDPR, SEC, etc.)
- Demonstrated knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards
- Strong organizational skills and the ability to multitask and switch priorities with short notice
- Strong business analysis, research and analytical skills
- Excellent communication skills and a strong understanding of information security fundamentals
- Availability to work off business hours as required
Preferred
- Relevant security certifications (CISSP, CISM, or CIPP)
- 3+ years’ experience directly managing personnel, including hiring, developing, motivating, and directing people as they work
##Base Salary Compensation Range
$112,583.00-162,125.00
Incentive Target Percentage
20% Annual
Morningstar's hybrid work environment gives you the opportunity to collaborate in-person each week as we've found that we're at our best when we're purposely together on a regular basis. In most of our locations, our hybrid work model is four days in-office each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.
100_MstarResCanad Morningstar Research, Inc. (Canada) Legal Entity
Not the right fit? Search for Information Security jobs in Toronto, ON
About Morningstar
Morningstar, Inc. is a leading provider of independent investment insights in North America, Europe, Australia, and Asia. The Company offers an extensive line of products and solutions that serve a wide range of market participants, including individual and institutional investors in public and private capital markets, financial advisors and wealth managers, asset managers, retirement plan providers and sponsors, and issuers of fixed-income securities. Morningstar provides data and research insights on a wide range of investment offerings, including managed investment products, publicly listed companies, private capital markets, debt securities, and real-time global market data. Morningstar also offers investment management services through its investment advisory subsidiaries, with approximately $328 billion in AUMA as of Sept. 30, 2024. The Company operates through wholly-owned subsidiaries in 32 countries.