GGP Manager, IT Risk & Compliance in Chicago, Illinois

Manager, IT Risk & Compliance






GGP is one of the largest and most innovative retail property owners in the United States, with over 120 retail property locations throughout the country. Headquartered in Chicago, our mission is to own and operate best-in-class retail properties that provide an outstanding environment and experience for our communities, retailers, employees, consumers and shareholders. This is achieved by everyone working together as one team.

We do this through our various disciplines which are integrated by our common goals, values and a passion for success. A career with GGP is your chance to embark on a rewarding journey into the retail real estate industry.

We are without a doubt a company that values Humility in our success, that has the right Attitude, and is always striving to Do the Right Thing. Together, we Own It and we are excited to invite you to show us that your vision aligns with ours. We want you to be a part of our success story.

Position Summary:

  • The Manager – IT Risk and Compliance is responsible for leading enterprise IT risk management and compliance processes including management of security policies, internal audit coordination for IT, and cyber security compliance. This individual will serve as the IT risk and compliance subject matter expert to the Senior Director – Cyber & Information Security and the Chief Information Officer (CIO).

  • Responsible for the review, development, implementation, and improvement of information technology policies, standards, and procedures, ensuring compliance with relevant laws, regulations, and frameworks

  • Develop and manage timely and appropriate reports, summaries, metrics, and scorecards related to risk and compliance activities including gap analysis, variances, and the assessment and disposition of cyber risk

  • Coordinate with key stakeholders across the organization to facilitate information technology governance, manage risk and ensure compliance including defining and prioritizing remediation efforts, tracking remediation activities, and inspecting/validating solutions that have been implemented, where appropriate

  • Organize and manage the annual disaster recovery test and lead the company’s business continuity management program

  • Design and maintain a GRC process for the organization to ensure common understanding of challenges facing the organization

  • Oversee the compliance controls to aid the organization in proactively supporting various IT audit obligations across Sarbanes Oxley, PCI, Internal Audit, NIST, and clients

  • Conduct third party information security assessments and on-going third party assurance activities, including assessing outsourced information security activities, in support of joint ventures, mergers and acquisitions, and divestitures

  • Communicate with executive management, various committees, and others, as required, to discuss identified risks and opportunities for improvement within our control environment

  • Act as a liaison for parties who perform external assessments of our control environment, including auditors and client contacts



  • BA/BS strongly preferred or equivalent work experience combined with related technical certifications and training

  • Relevant certifications strongly preferred: CISSP, CISA, CISM, etc.


  • Five (5) or more years of direct experience in IT risk management, IT compliance, internal audit, project management, and/or information security required

  • In-depth knowledge of PCI, SOX, SSAE16/SOC1, SOC2

  • Relevant cyber security controls experience strongly preferred

  • Ability to work both independently with sole responsibility and as part of a team to deliver quality work product in a timely fashion in a fast-paced environment

  • Ability to work well with people from many different disciplines with varying degrees of technical experience

  • Excellent written and verbal communication skills with the ability to negotiate

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability or protected veteran status. GGP is an equal opportunity employer – M/F/Veteran/Disability

Please view Equal Employment Opportunity Posters provided by OFCCP
