Job #: 16824

Title: Manager, IT Governance & Compliance

Location: Portland

Duration: Direct Permanent Hire

Overview:

This is a hands-on role that will be responsible for enhancing and developing our IT compliance program, including compliance control objective authoring, testing, and reporting, as well as achieving appropriate compliance certifications.

Duties:

  • Provides managerial guidance to user department staff on the development of local, system-specific, and application-specific information security policies, guidelines, standards, procedures, and responsibility designations
  • Responsible for managing the work environment, identifying workforce needs and ensuring alignment with corporate manager expectations, values and vision as it relates to IT Compliance, Audit, and Risk
  • Coordinate activities supporting enterprise-wide IT technology audits and assessments. This includes periodic control testing efforts, as well as working with internal and external auditors.
  • Act as a primary Subject Matter Expert for IT Compliance.
  • Act as liaison between representatives from internal audit, external audit firms, Finance and IT to coordinate scoping, testing approaches, results and deficiencies.
  • Work with process and control owners to create a Risk & Control Matrix for processes identified through risk assessment
  • Identify various compliance, information security and business continuity risks to the organization and make recommendations for corrective actions/mitigation of risks.
  • Think strategically about IT control environment enhancements and be able to plan and implement change.
  • Prepare periodic reports, track program progress and report findings to GRC and IT management.

Skills and Education:

  • Bachelor’s degree from a four-year college preferred and/or a professional certification requiring formal education beyond a two-year college, or equivalent experience.
  • Sarbanes-Oxley / IT audit experience, as well as IT Security compliance standards such as ISO 27001/2 and/or SOC2.
  • Strong understanding of IT General Controls, as well as network, OS, application and database controls.
  • Strong organizational and planning skills.
  • Strong interpersonal & influencing skills and an ability to work in a team environment.
  • Good communication skills (written & verbal) with all levels of the organization, as well as external stakeholders.
  • Ability to work with minimal supervision and deliver to tight deadlines.
  • Knowledge of Governance, Risk and Compliance Frameworks (COSO, COBIT, ISO27001, NIST, etc.).
  • Experience with GRC solutions, including building out controls and performing test work within the tool.
  • Experience participating in large business/system integration efforts
  • 5-6 or more years’ experience in an IT Audit or Compliance role or related experience.
  • 2 or more years’ experience with GRC software solutions, especially Archer and Aveksa
  • Participation in full life cycle implementations (from scoping/planning, requirements gathering, design, development, testing, go-live and support)