Individuals in the IT Compliance Management role are responsible for helping the organization accomplish its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of IT risk management, IT control and governance processes. Persons in this role will be a primary resource for driving adherence to regulatory and internal IT controls. They will lead projects to implement the Enterprise IT Compliance Program, identify gaps and recommend risk mitigation alternatives to management. They will assist in the development of continuous monitoring controls to assess the IT control environment and its effectiveness against the IT Corporate Compliance Standards, and partner with the Corporate Compliance team to provide guidance on control adjustments and enhancements based on industry or corporate standards.
Members of this role need to understand IT-related operational business processes, software development life cycles, security principles and process design, and must have strong knowledge of compliance management. They must be able to understand business requirements, technical specifications and change management documentation in order to audit work products against standards. They must be highly skilled communicators who can clearly define where practice diverges from standards and collaborate to recommend remediation.
The associate in this role will work on multiple projects as a compliance team leader or advisor. They will work on projects that have system-wide impact, integrating across the organization and involving multiple technical environments and disciplines. The IT Compliance Manager II identifies and communicates how IT solutions can support the achievement of short- and long-range IT Compliance goals.
PRIMARY DUTIES AND RESPONSIBILITIES:
- Work with business units to understand operational processes and how those processes affect IT processes and support.
- Represent IT policies, controls and processes while supporting business units in client audits. Must be able to accurately communicate our controls strategy and how IT controls operate.
- Develop and maintain a high degree of knowledge of the IT processes that support subsidiaries.
- Support the IT Compliance group in identifying and documenting IT General Controls (ITGC).
- Manage and prepare clear, detailed and accurate compliance documentation, including narratives, control descriptions, risk control matrices, test programs and performance metrics.
- Accurately and consistently respond to client requests for information related to ITGCs.
- Collaborate with control owners to design, document and implement IT control points.
- Provide controls guidance to IT and the business to facilitate operational effectiveness and ensure compliance requirements are met.
- Use sound judgment to identify and assess risk, materiality, the adequacy of audit evidence and compensating controls, and the significance of findings.
- Collaborate effectively and on an ongoing basis with all constituents involved in ITGCs.
- Review progress toward the ITGC plan regularly with IT process and control owners and auditors, and enhance the plan as necessary.
- Build trusted working relationships with the enterprise Finance, Legal, Audit and Corporate Compliance groups to support internal and external audits, and to ensure the understanding and acceptance of audit issues regarding business risks and controls.
- Implement reviews of the controls programs required to mitigate compliance risks and vulnerabilities, and work with appropriate stakeholders to address findings and enhance controls as appropriate.
- Assist external compliance initiatives, which may include PCI DSS, HIPAA and other compliance programs, including coordinating auditors interfacing with IT staff, providing guidance on appropriate remediation actions for findings, and communicating and escalating remediation.
- Stay current with the latest changes in external compliance initiatives that may affect the organization's compliance with external requirements.
- Assist internal and external auditors in compliance reviews.
- Diagnose findings and prepare internal controls reports and presentations for senior management.
- Establish and communicate timelines, requirements and issues with management in a professional and timely manner.
- Report items and action plans as part of program deliverables.
- Escalate key control risks and issues to management in a professional manner.
- Adhere to policies, procedures and standards.
- Evaluate business process efficiencies to make recommendations on the application of testing standards.
- Evaluate and make compliance recommendations on standards within enterprise-wide processes such as change and release management.
- Suggest and influence process improvements and act as a change agent for the organization.
- Work with IT and enterprise leadership to establish key performance metrics for IT.
- Provide mentoring to team members.
- Recommend training programs targeting specific areas of improvement.
- Evaluate control frameworks, regulations and certifications, providing analysis based on findings.
- Participate in the evaluation of risks and mitigations, and review these with project leadership.
- Participate in the evaluation of acquired solutions and provide findings on control risks.
EXPERIENCE AND EDUCATIONAL REQUIREMENTS:
Bachelor's degree in Computer Science, Information Systems, Business Administration or another related field, or equivalent work experience. Minimum of 7 years of IT compliance or audit experience, including supervisory experience working for a large company. Must hold a professional certification (CISA, CISM, CISSP, CIA, CGEIT or CRISC). Knowledge of 2 or more industry regulations, standards and certifications, such as PCI, HIPAA, URAC or FDA regulations such as 21 CFR Part 11 and GxP.
MINIMUM SKILLS, KNOWLEDGE AND ABILITY REQUIREMENTS:
- High degree of literacy with IT system processes and internal controls
- Strong interpersonal and analytical skills
- Ability to interpret and apply policies and procedures to recommend a corrective course of action
- Ability to take initiative and to drive improvement
- Ability to work within a team environment and to collaborate with personnel in other departments to achieve consensus and complete projects
- Skilled at interacting with internal and external personnel
- Strong organizational and oral/written communication skills
- Comfortable working with management, with the ability to work independently on projects and to direct assigned staff
- Extensive exposure to IT-related operations, including system development and project management methodologies and practices; IT operations; IT planning, management and organization; and other general and application-specific control principles and risks
- Working knowledge of the HIPAA / HITRUST, COSO and COBIT frameworks
- Experience with SOCx, PCI or ISO certification
Nesco Resource is an equal employment opportunity employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, or veteran status, or any other legally protected characteristics with respect to employment opportunities.