IT GRC Consultant

McCormick & Company, Inc., a world leader in the spice, flavor and seasonings industry, is seeking a full time IT GRC Consultant. This position will report to the IT Governance & Risk Compliance Manager.


With more than $5 billion in annual sales, the Company manufactures, markets and distributes spices, seasoning mixes, condiments and other flavorful products to the entire food industry – retail outlets, food manufacturers and foodservice businesses. We create differentiating flavors consumers prefer with unmatched quality, science, innovation and service. Every day, no matter where or what you eat, you can enjoy food flavored by McCormick. McCormick brings passion to flavor™!


As a company recognized for exceptional commitment to employees, McCormick offers a wide variety of benefits, programs and services. Benefits include, but are not limited to, tuition assistance, medical, dental, vision, disability, group life insurance, 401(k), profit sharing, paid holidays and vacations.

Position Overview/Primary Purpose:

The IT GRC (Governance, Risk, and Compliance) Consultant position ensures compliance with legal, regulatory and internal IT controls, processes, policies and procedures. This role will exhibit best practice risk management skills through effective IT security controls and improvement of risk management processes. This position reports to the Manager, IT Governance & Risk Compliance and works with all levels of the IT organization ranging from leadership to subject matter and technical experts to external service providers and represents the IT organization during frequent interactions with internal and external auditors.


The candidate will have knowledge of the applicable risk management practices required to create a culture of risk management compliance for his or her group or department. The candidate identifies, assesses, and monitors applicable risks based on risk management policies and procedures; assesses and reviews the technology risks for different IT assets (cloud or on-premise, applications and infrastructure); and communicates and oversees the effective execution and performance of IT controls and the effective implementation of management action plans in response to audit and test findings (self-assessments, quarterly and ad-hoc SOX testing, internal audit remediation, etc.). The candidate is expected to promote security and compliance best practices within the broad IT team as well as in business units and business functions.


This role reports to the IT Governance & Risk Compliance Manager.




  • Minimum 3 years of professional experience within IT risk management, regulatory compliance and/or IT audit related activities.
  • Monitor the performance of the key McCormick compliance program components and related activities on a continuing basis, and report to the Manager, IT Governance & Risk Compliance as appropriate.
  • Provide guidance and direction on regulatory compliance requirements and security standards.
  • Ensure that all functions and services comply with regulatory requirements and that the unified control framework (NIST 800-53) is operating effectively.
  • Assist and coordinate quarterly SOX 404 audit process.
  • Assist in the testing of IT controls and the effective implementation of management action plans in response to audit and test findings (self-assessments, quarterly and ad-hoc SOX testing, internal audit remediation).
  • Help facilitate positive change by examining IT and business processes and recommending areas for improvement.
  • Collaborate with internal audit to review appropriate control measures, procedures and evidence to ensure continuous compliance, quality and efficiency.
  • Monitor and, as needed, report on compliance activities across IT to remain abreast of the status of all compliance activities and to identify trends.
  • Report on in-progress corrective action plans for the resolution of problematic issues and provide management with summary information on the status of the portfolio of corrective action plans.
  • Monitor that controls are being performed at the appropriate risk-based frequency by the appropriate control owners, facilitators and approvers; provide guidance to employees as necessary to ensure the effectiveness of the IT Policy & Compliance program.
  • Review IT risk assessments, analyze the effectiveness of information security control activities, and report on them with actionable recommendations.
  • Provide subject matter expertise in cyber risk requirements.
  • Liaise with different IT operational teams and business units on their assessment of cyber risks and the related controls.
  • Participate in security investigations and compliance reviews as requested.


Required Qualifications:

  • Bachelor’s degree in Information Technology, or in a relevant field.
  • At least 3 years' experience in Information Technology.
  • At least 3 years' experience in Governance, Risk and Compliance.
  • Experience working in a team-oriented, collaborative environment.
  • Exceptional communication skills and the ability to communicate appropriately at all levels of the organization; this includes written and verbal communications as well as visualizations.
  • Strong interpersonal and consultative skills.
  • Ability to maintain the confidentiality of sensitive and personal information.


Preferred Qualifications:

  • Knowledge of the Risk Management Framework (NIST 800-53).
  • Knowledge of IT GRC automation platforms such as SAP GRC.
  • Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
  • Prior experience performing security reviews, risk assessments, and vendor risk assessments preferred.