Director - IT Risk Management


King Of Prussia, PA, US

Company:  AmeriGas Propane, Inc.

When you work for AmeriGas, you become a part of something BIG! Founded in 1959, AmeriGas is the nation’s premier propane company, serving over 2 million residential, commercial, industrial and motor fuel propane customers.  Together, our 8,500 dedicated professionals will deliver 1.5 billion gallons of propane from 1,400 distribution points across the United States.

Job Summary (Purpose): 


The Director, IT Risk Management position is responsible for mitigating risks through the development and delivery of security roadmaps, best practices, architecture, and standards to ensure information security across the enterprise.  Identifies key risks, threats, and noncompliance and communicates them to senior management as needed.


Key Characteristics:


  • Thorough understanding of Control / Risk frameworks, Sarbanes-Oxley, PCI, CCPA, and GDPR
  • Strong background and orientation towards cyber-security
  • Technically capable and credible – able to interact with technical teams on a routine basis and challenge them on design and implementations


Duties and Responsibilities:


  • Lead strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the evaluation, deployment, and management of current and future security technologies.
  • Advises IT and business executives on the status of technology risk and compliance issues based on assessment results and information from various monitoring and control systems.
  • Monitors and analyzes technology risk trends, recommends appropriate IT policies, procedures and practices to strengthen internal operations.
  • Manages and participates in the planning and implementation of security administration for all IT Projects. 
  • Responsible for evaluation and selection of security applications and systems. 
  • Makes recommendations and assists in the implementation of changes to work methods and procedures to make them more effective or to strengthen security measures.
  • Directs IT functional teams in the development, implementation, monitoring and reporting of control processes, documentation and compliance routines.
  • Provides oversight regarding audit, regulatory and risk management activities across IT functional areas, such as the development and maintenance of regulatory documentation (e.g., Sarbanes-Oxley Act compliance, PCI, CCPA / GDPR Compliance)
  • Responsible for policies and procedures around change management and risk management
  • Coordinates the IT component of both internal and external audits, federal and state examinations.
  • Provide strategic direction and leadership to oversee and deliver security applications and systems.
  • Participate in key planning and strategy meetings with AmeriGas’ IT Leadership Team and UGI’s Global Security Leadership Team.
  • Manage the executive communications and reporting of the status of IT Risk management, including preparing and participating in board meetings if required.


Knowledge, Skills and Abilities:


  • Able to move the entire LPG Business (AmeriGas & UGI International) forward on managing technology related risks
  • Possesses detailed knowledge of industry regulatory environment and risk management practices, and thorough understanding of Sarbanes-Oxley, PCI, CCPA, and GDPR
  • Strong background and orientation towards cyber-security
  • Technically capable and credible – able to interact with technical teams on a routine basis and challenge them on design and implementations
  • Knowledge of the application security and regulatory environment in the U.S. and Europe.
  • Strong leadership and communication skills especially at a technical and executive level.
  • Strong leader in talent management, with the ability to develop staff, recruit appropriate talent, and create a culture of performance.


Education and Experience Requirements


  • 10+ years of experience in IT security, frameworks, policies, standards, regulatory, audit and security risk disciplines and practices
  • Demonstrated track record of managing software security programs at a large company
  • A bachelor's degree in information systems or equivalent work experience
  • Strong leadership and communication skills especially at an executive level
  • Experienced in management of remote team members
  • Experience with PCI Compliance
  • Experience with common information security management frameworks



The above information on this description has been designed to indicate the general nature and level of work performed by employees within this classification.  It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.

AmeriGas is a Drug Free Workplace.  Candidates must be able to pass a pre-employment drug screen and a criminal background check.  AmeriGas is an Equal Opportunity Employer.

Nearest Major Market: Philadelphia

Job Segment: Manager, Risk Management, Law, Information Systems, Compliance, Management, Finance, Legal, Technology