Senior IT Compliance Professional
Description
The Senior IT Compliance Professional audits the most complex new and existing information systems applications to ensure that appropriate controls exist, that processing is efficient and accurate, and that information systems procedures are in compliance with corporate standards. The Senior IT Compliance Professional work assignments involve moderately complex to complex issues where the analysis of situations or data requires an in-depth evaluation of variable factors.
Responsibilities
The Senior IT Compliance Professional works with all parts of IT to ensure that the appropriate controls exist, operate effectively and that information systems procedures are in compliance with industry and corporate standards. Begins to influence department’s strategy. Makes decisions on moderately complex to complex issues regarding technical approach for project components, and work is performed without direction. Exercises considerable latitude in determining objectives and approaches to assignments.
You will assist the manager of the ITRG in implementing an IT Risk Governance framework across IT. You will be required to work with various levels of IT leadership, professionals, and technicians in the performance of your role.
Key responsibilities include:
• Inventory and document current IT Policies
• Review and ensure IT Policies are consistent across IT
• Ensure IT Policies are reviewed by the owners at least annually
• Inventory and review all IT Processes, Sub-Processes- and Procedures in Enterprise Solution Point (ESP)
• Work with internal and external assessors to ensure SOX documentation is updated
• Work with internal and external assessors in the performance of SOC-1 to ensure ESP is updated
• Work with internal and external assessors in the performance of SOC-2 to ensure ESP is updated
• Work with ITRG Manager to identify and document processes, sub-processes, and control procedures in ESP as identified during IT Risk Governance development
• Build and own ESP dashboards with ESP control procedures and ensure mapping to Risk Framework is complete, accurate and valid
• Assist with the review process of new technologies using the IT Risk Assessment tool
• Assist with mapping and documentation of IT risks to CTRO risk management model
• Facilitate IT Risk Governance meetings as needed and identified
• Support the Issue and Opportunity reporting, processes and activities
• Assist the ITRG Manager with the deployment of the ITRG framework
Required Qualifications
- Bachelor's degree
- 5+ years of technical experience (operational risk management, audit and/or IT/operations management)
- IT background with demonstrated experience leading special projects and producing metrics, measurements and trend reports
Preferred Qualifications
- PMP certification
- Exemplary core project management skills including multiple aspects of the PMBOK
- Ability to navigate a highly matrixed organization effectively.
- Sound business and technical acumen.
- Demonstrated experience with process documentation and re-engineering
- Prior experience managing vendor relationships
- Certifications such as CISA, CISSP, CIA, CRISC, CGEIT
- Understanding of compliance requirements such as Payment Card Industry (PCI), Sarbanes-Oxley, SSAE-18 SOC1 & SOC2, HIPAA, ISO27001, COBIT, VALIT, RISKIT, ITIL, COBIT, SANS
- Experience leading and performing IT SOX projects, IT risk-based audits and IT SOC-1, SOC-2 assessments (Direct Assist)
- Ability to work in a fast paced, dynamic and changing environment while managing multiple projects simultaneously
- Excellent communication skills