Title:  Lead OT Third Party Risk Management Analyst

Requisition ID:  4325

Atlanta, GA, US, 30328

Department:  Information Technology
Travel:  Up to 25%

If you are a GPI employee, please click the Employee Login before applying.


At Graphic Packaging International, we produce the paper cup that held your coffee this morning, the basket that transported those bottles of craft beer you enjoyed last weekend, and the microwave tray that heated your gourmet meal last night. We’re one of the largest manufacturers of paperboard and paper-based packaging for some of the world’s most recognized brands of food, beverage, foodservice, household, personal care and pet products. Headquartered in Atlanta, Georgia, we are collaborative, diverse, innovative individuals who create inspired packaging while giving back to our communities. 


With over 25,000 employees working in more than 130 locations worldwide, we strive to be environmentally responsible in our industry and in the communities where we operate. We are committed to workplace diversity and offer compensation and benefits programs that are among the industry’s best to reward the talented people who make our company successful.


If this sounds like something you would like to be a part of, we’d love to hear from you.


A World of Difference. Made Possible.



Graphic Packaging International, LLC (GPI) fosters a culture that protects, preserves, and enhances our reputation. The GPI IT Compliance team is seeking an experienced professional to oversee and manage various tasks related to GPI’s IT/OT Third Party Risk Management practices and technologies.

This role will encompass Third Party Risk practices being deployed to manufacturing facilities with the intent to minimize GPI’s risk exposure related to third parties in the GPI ecosystem. This position is responsible for deploying risk management practices to the IT/OT footprint at GPI, and to provide leadership with transparency into GPI's risk exposure for both IT and OT respectively specific to third parties. This role involves establishing new processes with focus on Industrial
Control Systems, MES systems and all OT systems in use at GPI manufacturing facilities (plants and mill locations) across the globe.

Lead, IT/OT - Third Party Risk Management is expected to: · Coordinate with external providers and internal technology teams regarding platform development, enhancements, integration and issue resolution
· Liaise with global risk and compliance groups and OT engineers and leaders related to due diligence matters and system requests or changes
· Collaborate across IT and manufacturing facilities with cross functional teams to escalate and resolve issues and risks identified and tracked
· Represent the IT Compliance Office with business teams, partners, and other GPI stakeholders, and with external third parties
· Identify key performance indicators to be used for management reporting at GPI
· Manage reporting and analyzing metrics for key performance indicators identified for GPI
· Identify risks, exceptions to policy or standards and other risk related issues for tracking and reporting or escalations to leadership
· Define and oversee processes and standards of operation performed by global IT/OT resources

Responsibilities · Gain comprehensive knowledge and understanding of relevant policies, guidelines and compliance program elements which will be deployed to IT/OT processes to achieve risk minimization objectives

· Manage and perform monitoring activities on the IT/OT TPRM program activities, including use of the IT Risk Management and Third Party Risk Management modules within the GPI GRC system (OneTrust)
· Perform data analysis for ongoing monitoring of control violations, risk assessment activities, and reporting to management and senior leaders on key performance indicators on a recurring cadence
· Effectively interpret and document testing and monitoring results and develop recommendations for improvements and enhancements to reduce GPI risk profile for OT systems · Utilize and develop data analytics capabilities to evaluate and improve third party management decisions, mitigation planning of obsolete technologies, and identifying reporting mechanisms to be leveraged for same
· Identify operational risks for OT third parties that need to be raised to leadership for remediation and risk reduction workstreams
· Oversee training of IT and OT TPRM team members, risk & compliance groups and GPI stakeholders on TPRM practices adopted and deployed at GPI
· Monitor, report and track compliance with policies and practices, including system security and access controls for OT systems and respective third parties
· Collaborate with cross functional engineers, leaders, colleagues, and global partners to achieve alignment on goals and objectives associated with risk reduction workstreams
· Effectively communicate with peers, managers, senior managers, and executive leaders cross functionally as a trusted subject matter expert and advisor for TPRM practices
· Recommend and implement process improvements to meet IT/OT Convergence TPRM, risk & compliance goals on an annual basis.
· Provide system and process training and support to the global IT organization and OT engineers and leaders for the ITRM platform TPRM module(s)
· Design and manage other IT third party assessment templates and workflows
· The role will evolve as IT/OT TPRM discipline expands and changes to meet compliance needs of GPI

Key Skills · Aptitude to learn and utilize technology to perform and document responsibilities
· Moderate to advanced skills working with technical tools including Microsoft Office applications, specifically Excel, PowerPoint and Word
· Proven ability designing or enhancing third party risk management or compliance-related activities
· Excellent organizational aptitude
· Ability to analyze problems and facilitate solutions
· Excellent written and verbal communication skills
· Ability to think critically, objectively and analytically
· Detail-oriented with strong project management, organization, prioritization and time management skills
· Flexibility in working on several processes or projects simultaneously to meet team goals and responsibilities
· Possess high integrity to handle sensitive and confidential data
· Ability to work accurately and efficiently under pressure
· Proven ability to work independently and drive projects to completion
· Ability to work collaboratively with subject matter resources, often in a virtual and cross border environment
· Confidence and poise to work directly with GPI leadership teams
· Willingness and ability to readily respond to changing circumstances and expectations
· Interest in effectively developing other colleagues and creating a culture of compliance, inclusion and professional growth

Qualifications · At least 5 years of experience working for a professional services organization providing one or more of the following: regulatory and compliance, audit, consulting, financial advisory, enterprise risk management and other related services
· Substantive direct experience in one or more of the following: third party due diligence, ethics and compliance programs, risk and controls, process management or change management
· Certified Public Accountant, Certified Internal Auditor, Certified Fraud Examiner and/or relevant compliance experience a significant advantage
· Bachelor's degree in accounting, finance, business or related field
· Information Security certifications (CRISC, CISM)
· Functional experience working in a manufacturing environment with MES and ICS systems
· Knowledge of GDPR and CCPA privacy rules associated to accessing, classifying, transferring, or modifying data in its lifecycle


Pay Range:   $93,030.00 - $124,005.00


Graphic Packaging is an Equal Opportunity Employer. All candidates will be evaluated on the basis of their qualifications for the job in question. We do not base our employment decision on an employee's or applicant's race, color, religion, age, gender or sex (including pregnancy), national origin, ancestry, marital status, sexual orientation, gender identity, genetic identity, genetic information, disability, veteran/military status or any other basis prohibited by local, state, or federal law. Click here to view the Poster, EEO is the Law.


Nearest Major Market: Atlanta