Responsible for managing IT department compliance related to Information Security, PCI and ITGC / SOX controls to include maintenance of a compliance framework. Own, coordinate, and execute the planning and performance of regular control activities, while working directly with the technical and business stakeholders, as well as Internal Audit, to identify appropriate risk factors, assess the adequacy of existing controls and drive remediation of control weaknesses to ensure compliance requirements are maintained.
Description of Responsibilities:
- Create and annually update IT policies, leveraging appropriate SMEs and best practices.
- Manage the IT change control process, ensuring all changes comply with IT SDLC and control requirements.
- Work with process owners to develop and implement controls which meet the control objectives.
- Work with control owners to ensure testability of existing controls and regularly validate that control activities are being performed according to schedule.
- Oversee and drive remediation processes to address control issues identified via security assessments or by auditors, including tracking and managing remediation action plans in a centralized location.
- Proactively identify existing and emerging IT risks that may be of importance to the company's Executive Management and the Audit Committee.
- Act as liaison with internal auditors for all audit concerns and discussion of remediation activities for identified deficiencies.
- Monitor IT processes and system configurations to ensure compliance with internal policies and procedures.
- Assist in the performance and organization of periodic access reviews.
- Provide IT Management with status and performance reporting related to compliance risk and controls effectiveness.
- Assist in standardizing IT general controls across all applications, including those managed outside of IT.
Requirements and Preferences:
- Five years of SOX experience and proven experience in supporting audit/compliance functions, including ITGC, access reviews and segregation of duties.
- Three years of experience with Information Technology in any capacity.
- Bachelor's Degree in Management/Computer Information Systems, Cyber Security, Information Assurance or similar field preferred.
- CISA, CRISC certifications strongly preferred and CISM or CISSP preferred.
- Strong knowledge of information systems security standards and practices.
- Hands-on experience with design and implementation of IT General Controls (ITGC).
- Broad understanding of compliance frameworks such as COSO, COBIT, NIST, ISO, etc.