ORLANDO, FL, US
6 days ago
Cyber Risk and Compliance Analyst

Do you want to work in a dynamic and demanding atmosphere where you can make a difference as an information technology professional and have fun doing so? A large vision necessitates a large task. As we expand, so does our need for additional expertise in information security, privacy, governance, risk, and compliance (GRC). To satisfy the expectations of this expanding company, we are looking for motivated, innovative professionals who are passionate about thinking outside of the box to provide top-tier technical solutions and supporting documentation.

In this role, you will join a team supporting IT internal controls, compliance, and cyber risk analysis across all divisions and multiple technology platforms. Our ideal candidate will be self-motivated and highly driven, with keen attention to detail and reporting requirements and experience supporting internal and external audits and a variety of projects and strategic initiatives across the business.

 

SUMMARY

Support IT internal controls, compliance, and cyber risk analysis across all divisions and multiple technology platforms.

 

ESSENTIAL DUTIES AND RESPONSIBILITIES

Maintain legal and regulatory compliance by researching the ever-changing requirements and communicating them to IT team members and other corporate leadership.
Manage annual IT internal and external audits, risk assessments, and regulatory, legal, and policy compliance to ensure prompt, accurate responses to internal and external requests.
Review auditor requests to ensure they are appropriately scoped and reasonable.
Oversee the collection of audit evidence and materials provided by internal team members to ensure completeness and accuracy prior to auditor submission.
Create and maintain productive working relationships with key business, internal audit, and compliance officials as well as IT staff from each division to effectively collaborate on compliance and risk-related concerns.
Present findings/suggestions that will allow IT to satisfy new and existing regulatory obligations across all divisions, including compliance requirements of other countries in which we operate or hire.
Work with control owners to ensure controls are actively managed and monitored throughout the year.
Conduct IT compliance training sessions to prepare for audits/assessments and mentor junior team members.
Inform others about IT risk and compliance issues and shortcomings to ensure that remedial action plans are in place and are properly tracked.
Make suggestions for repeatable, quantifiable, and long-lasting remediation programs, and follow up on action plans until they are completed.
Develop IT documentation for IT internal controls in consultation with IT and the EVP of compliance, including IT process narratives, process flows, and documented control actions.
Develop and maintain various enterprise policies and procedures.
Assist in sustaining governance tools for risk and compliance, including third-party risk management, and contribute to the design, creation, and maintenance of risk-based metrics.
Ensure compliance with the IT frameworks by helping IT control owners implement and validate controls for the processes of access management, release management, change management, and vendor management.
Collaborate with IT on how to efficiently adhere to IT standards and proactively reduce risks.
Maintain regular and punctual attendance.
Perform other duties as assigned.

 

SUPERVISORY RESPONSIBILITIES

None.

 

MINIMUM QUALIFICATIONS

Bachelor’s degree in business, computer information systems, management information systems, computer science or cybersecurity preferred. In lieu of degree, eight (8+) years of relevant experience.
Five (5+) years of IT experience with increasing responsibility.
Four (4+) years of experience in IT audit, compliance, and risk management.
Experience working in a large, integrated international corporation.
Expertise in frameworks or legal standards such as COBIT, NIST 800-53 and 800-171, HIPAA, PCI, and GDPR.
Knowledgeable about detecting hazards for automated controls.
Experience developing, implementing, and administering vendor, supplier, and other third-party security assessments.
Experience working with ERP systems to detect problems, generate problems and reports, and remediate problems.
Proficient in obtaining audit data from ERP systems and creating reports to satisfy audit requirements.
Experience managing projects in a complex, decentralized IT organization.
Working knowledge of Azure and AWS environments, especially GCC Moderate and High.
Working knowledge of databases, DevSecOps, containers, and development tools.
Working knowledge of firewalls, wired and wireless networking, SIEM (XDR), endpoint management and security, VDI, and MFA.
Comprehensive understanding of evaluating third-party SSAE 16 (SOC 1 and 2) reports and contracts to ensure that third-party vendors and partners have effective internal control programs and to identify all risks they might present.
Ability to collaborate well in a dynamic, fast-paced setting.
Ability to balance a variety of resources, deadlines, and requirements while working on various tasks.
Strong written and verbal communication skills, including the capacity to speak with business partners in an effective manner regarding IT compliance and cyber risks.
Must obtain and maintain any necessary security access and/or background checks. (U.S. citizenship required)

 

DESIRED QUALIFICATIONS AND SKILLS

Eight (8+) years of experience in growing IT roles.
Experience supporting internal and external audits, and a variety of projects and strategic initiatives across the business.
Experience supporting a US government contracting agency.
Experience in complex business processes and technological risks.
Professional certification(s).
Self-motivated and highly driven with keen attention to detail and reporting requirements.