Job Description

Are You Ready to Make It Happen at Mondelēz International?

Join our Mission to Lead the Future of Snacking. Make It Uniquely Yours.

Reporting to the Global IT Compliance Lead, asanIT ComplianceManager, the successful candidate will be proficient at managingrisk-basedITcompliance initiatives acrossMondelezTheroleis keyin the successful deliveryofthe annual Sarbanes-Oxleyinformation technology compliance programand the operationalization of EU NIS2 Directive requirementsfor all in-scopeapplications and supported technologies.In addition, the candidate will be performing compliance activities related to technology assurance areas around access management, vulnerabilitymanagement,and configurationmanagement,among othersCandidatewill alsodemonstrateability and experience in governance related activities including administrative management of risk and control registers as well as policies and standards.

How you will contribute

AssuranceProgramResponsibilities

• Conduct assuranceactivities related to theannual SOX Compliance audit with a specific focusofIT General Controlsand Vendor SOX Compliance

• Lead compliance activities for the NIS2 Directive, including performing initial and recurring gap assessments, remediation tracking, and supply chain security alignment.

• Perform quarterly compliance assurance testingandmaintainaudit-ready evidence documentation.

• Document compliance testingevidence andresultsproviding audit ready assurances

• Maintain ManagementActionPlan (MAP)catalog with due dates.

• Manage monthly audit ManagementActionPlans(MAPs) Includes thetimelycommunication of openMAPsan escalation as needed of risks to completing MAPs at their agreed delivery dates.

• Perform administrative activities in GRC Solution for compliance related activities.

• Managead-hocexternalITaudits.

• SupportGRC Lead for CTO/CISO focusedinternal audits.

• Managecompliance program reporting activities.

Requirements:

• 7 years in one or more of the following fields: Information Security, SOX Compliance, Internal Controls, Internal Audit or GRC,

• 3 years leadingmanaginginternal and external audits (i.e., Sarbanes-Oxley SOX) for a public US company

• Direct experience with EU cybersecurity regulations, specifically the NIS2 Directive.

• Experience with GRC tools (e.g., Archer)

• ISACA CISA and/or CISM Certifications (significant plus)

• Knowledge of security concepts and methodologies such as risk assessments, risk & controls, policies & standards, enterprise security strategies, network, and cloud security

• Working knowledge of securityand compliance frameworks such as CIS, NIST and ISO

• Excellent written and verbal communications skills, including presentational skills and able to clearly communicate issues to management and other key stakeholders.

More about this role

Travel requirements:

25%

No Relocation support available

Business Unit Summary

At Mondelēz International, our purpose is to empower people to snack right by offering the right snack, for the right moment, made the right way. That means delivering a broad range of delicious, high-quality snacks that nourish life's moments, made with sustainable ingredients and packaging that consumers can feel good about.

We have a rich portfolio of strong brands globally and locally including many household names such as Oreo, belVita and LU biscuits; Cadbury Dairy Milk, Milka and Toblerone chocolate; Sour Patch Kids candy and Trident gum. We are proud to hold the top position globally in biscuits, chocolate and candy and the second top position in gum.

Our 80,000 makers and bakers are located in more than 80 countries and we sell our products in over 150 countries around the world. Our people are energized for growth and critical to us living our purpose and values. We are a diverse community that can make things happen—and happen fast.

Mondelēz International is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation or preference, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Job Type

RegularInformation SecurityTechnology & Digital