Title:  IT/OT Risk and Compliance Leader

Requisition ID:  20586-159

Atlanta, GA, US, 30328

Category:  Information Technology
Travel:  Up to 50%

Position Summary

As Lead, Operational Technology (OT) Risk & Compliance, you will be responsible for ensuring the organization is effectively designing, developing, and implementing security compliance controls and solutions. You will engage with stakeholders across the enterprise on all aspects of security and governance, management of policies, implementation and monitoring of controls, and management of remediation activities. The position will work closely with Information Technology, Commercial Software partners, and IT and OT Operations along with the business to ensure there is a consistent and common approach to implementation of security and compliance management activities. The scope of services will include working with the Information Technology, Identity and Access Management, SOX, ISO 27001, and Cyber Risk Monitoring and Compliance areas to apply common practices and principles to the OT operations space.


Policy and Governance

  • Develops and maintains information security policies, standards, procedures, and guidelines in accordance with the overarching Information Security Risk Framework.
  • Collaborates with GPI mill and plant departments to ensure security policies and procedures are properly interpreted and implemented.
  • Develops and reports security risk and compliance metrics for the enterprise, departments, processes, and individual assets for the OT operations space.
  • Collect and manage monthly security and risk KPI data; analyze and facilitate discussion with the business areas.

Audit and Compliance

  • Supports ongoing compliance activities and monitoring efforts across applicable Regulations and Standards (e.g. SOX, GDPR, SOC2, etc.).
  • Engages process control owners to map compliance standards, evaluate deficiencies, investigate root causes, and track execution until remediation.
  • Work with cross-functional teams to deliver on the enterprise’s data privacy, management, and data retention policies.
  • Coordinate with internal and external audit teams to fulfill requirements and obligations.

Security Operations

  • Collaborate with cross-functional teams to implement compliance initiatives and security controls in alignment with GPI standards.
  • Monitor and track activities related to control remediation or corrective action. Partner with plant and mill business teams and IT teams to develop and deliver risk mitigation plans, implement additional control activities, or document risk acceptance.

Risk Management

  • Works with the team on the completion of annual enterprise security risk assessment processes associated with mill and plant security controls.
  • Facilitates third-party risk management program in partnership with cross-functional teams, including:
    • Completes customer security risk assessment questionnaires.
    • Collects and reviews relevant vendor security attestations.

Requirements & Qualifications:

  • Bachelor's degree required, preferably in computer science, information systems, or equivalent.
  • 3 years of IT Audit, IT Risk Management, or IT Compliance experience.
  • 3 years of hands-on experience with IT security audit and/or compliance.
  • Exceptional planning, organization, communication, presentation, multitasking, prioritization, and business analysis skills.
  • Extensive knowledge and understanding of IT regulatory control frameworks (ITIL, COBIT, etc.).
  • Possess strong working knowledge of information security standards and frameworks (NIST, ISO, SOC, etc.).
  • Experience working with outsourced organizations and third-party vendors preferred.
  • Advanced written and verbal communication skills.
  • Strong interpersonal skills.
  • Strong analytical skills and the ability to understand and document complex business process data flow.
  • Previous experience in the manufacturing industry.

Travel Requirements: 

>25% travel expected to various GPI manufacturing facilities




 At Graphic Packaging International (NYSE: GPK), we produce the box you may have poured your child's cereal from this morning, the microwaveable tray that heated your lunch, the paper cup that held your coffee throughout the day, and the carrier of those bottles of craft beer you may enjoy tonight! We're one of the largest manufacturers of paperboard and paper-based packaging for some of the world's most recognized brands of food, beverage, foodservice, household, personal care and pet care products. Headquartered in Atlanta, Georgia, we are a team of collaborative, innovative, passionate individuals who are committed to providing consumer packaging that makes a world of difference. 

With almost 18,000 employees working in more than 70 locations in North and South America, Europe and the Pacific Rim, we strive to be an environmentally responsible leader in our industry and in the communities where we operate. We are committed to workplace diversity and offer compensation and benefits programs that are among the industry's best to reward the talented people who make our company successful. 

If this sounds like something you would like to be a part of, we'd love to hear from you. Learn more about us at www.graphicpkg.com.

Inspired Packaging. A World of Difference. 


Graphic Packaging is an Equal Opportunity Employer. All candidates will be evaluated on the basis of their qualifications for the job in question. We do not base our employment decision on an employee's or applicant's race, color, religion, age, gender or sex (including pregnancy), national origin, ancestry, marital status, sexual orientation, gender identity, genetic identity, genetic information, disability, veteran/military status or any other basis prohibited by local, state, or federal law.
