Salary: USD $109,000 per annum
Essential Functions & Responsibilities Include:
- Audit user and system security configurations for compliance with internal and external requirements
- Perform audits and follow up on corrective actions; participate in internal audit activities performed for compliance verification; interact and coordinate with appropriate business unit resources for audit participation
- Function as a liaison between business units with compliance responsibilities to collect, report, and retain compliance documentation and reports
- Prepare and provide updates for monthly internal and external compliance reports
- Provide information to management regarding negative business impact caused by violation of the confidentiality, integrity or availability of information and information systems
- Provide ongoing guidance and support to the organization to promote a progressive and sustainable compliance culture
- Document and maintain risk-based compliance policies and procedures; develop various materials for use on ITS's compliance intranet site
- Coordinate training materials and monitoring records and the distribution of regulatory information to the appropriate personnel
- Implement and maintain operational plans for key control activities to ensure compliance with regulatory, legal, and corporate or functional policies and procedures; respond to internal and external inquiries and requests for information to clarify regulatory requirements
- Assist in development of processes to identify, quantify, analyze, and report on Technology Risk and Compliance status
- Identify ongoing process improvements, operational gaps, and potential remediation steps; assist and/or lead process re-design and coordination of remediation efforts and remediation status reporting
- Maintain knowledge of legislation and regulation changes related to the financial industry; understand applicable finance industry security and privacy regulations, procedures and issues; assist in leading internal efforts to ensure the organization remains compliant with such laws and regulations
- Lead and/or participate in special project teams supporting general business initiatives outside of the primary security function
- Perform other duties as assigned
- Eight (8) years of related work experience, including a combination of at least three (3) years of progressively responsible experience in Internal Auditing and five (5) years of experience in internal control projects in the private industry.
- Bachelor's degree in Computer Science or a related discipline, or an equivalent combination of education and experience, required.
- Risk management, governance or security certification (CRISC, CGEIT, CISSP, CISM, CISA) or ability to obtain within six months.
- Project Management certification (PMP) preferred.
- Demonstrate behaviors based on values: Excellence, Innovation, Leadership, Passion and Trust
- Working knowledge of NACHA, SSAE 16 and PCI requirements
- Working knowledge of ISO27000 series of standards, PCI, COBIT, ITIL, and Sarbanes Oxley rules surrounding IT
- Working knowledge of OFAC, BSA, GLBA, Patriot Act and other Federal or State laws that impact National Security requirements or privacy
- Strong communication skills, including written skills relating to issue documentation and reporting to executive management and the audit committee
- Understands application of security concepts across a broad scope of information technology areas including data communications, network design, operations, database structures, operating systems, application development, security risk assessment, and disaster recovery
- Ability to exercise discretion and good judgment in making decisions; Understanding of security/controls risk vs. business impact to inform decision making
- Ability to maintain confidentiality of materials handled
Risk and Compliance Manager/Director