Job #: 16824
Title: Manager, IT Governance & Compliance
Duration: Direct Permanent Hire
This is a hands-on role that will be responsible for enhancing and developing our IT compliance program, including compliance control objective authoring, testing, and reporting, as well as achieving appropriate compliance certifications.
- Provides managerial guidance to user department staff on the development of local, system-specific, and application-specific information security policies, guidelines, standards, procedures, and responsibility designations
- Responsible for managing the work environment, identifying workforce needs and ensuring alignment with corporate manager expectations, values and vision as they relate to IT Compliance, Audit, and Risk
- Coordinate activities supporting enterprise-wide IT technology audits and assessments. This includes periodic control testing efforts, as well as working with internal and external auditors.
- Act as a primary Subject Matter Expert for IT Compliance.
- Act as liaison between representatives from internal audit, external audit firms, Finance and IT to coordinate scoping, testing approaches, results and deficiencies.
- Work with process and control owners to create a Risk & Control Matrix for processes identified through risk assessment
- Identify various compliance, information security and business continuity risks to the organization and make recommendations for corrective actions/mitigation of risks.
- Think strategically about IT control environment enhancements and be able to plan and implement change.
- Prepare periodic reports, track program progress and report findings to GRC and IT management.
Skills and Education:
- Bachelor’s degree from a four-year college preferred and/or a professional certification requiring formal education beyond a two-year college, or equivalent experience.
- Sarbanes-Oxley / IT audit experience, as well as IT Security compliance standards such as ISO 27001/2 and/or SOC2.
- Strong understanding of IT General Controls, as well as network, OS, application and database controls.
- Strong organizational and planning skills.
- Strong interpersonal & influencing skills and an ability to work in a team environment.
- Good communication skills (written & verbal) with all levels of the organization, as well as external stakeholders.
- Ability to work with minimal supervision and deliver to tight deadlines.
- Knowledge of Governance, Risk and Compliance Frameworks (COSO, COBIT, ISO27001, NIST, etc.).
- Experience with GRC solutions, including building out controls and performing test work within the tool.
- Experience participating in large business/system integration efforts
- 5-6 or more years’ experience in an IT Audit or Compliance role or related experience.
- 2 or more years’ experience with GRC software solutions, especially Archer and Aveksa
- Participation in full life cycle implementations (from scoping/planning, requirements gathering, design, development, testing, go-live and support)