The IT Controls Manager will help to drive and influence our overall IT controls and compliance initiatives, ensuring the completeness and operational effectiveness of our IT controls program. This role will assist in the documentation and overall management of the IT controls and will provide advice and guidance to ensure ongoing alignment with system and business process owners.
The role will work cross-functionally with internal resources such as Security, Infrastructure, Information Technology, Corporate Systems, HR, Internal Audit and Legal along with external resources as appropriate. The IT Controls Manager will help ensure the company satisfies all its compliance obligations while continuing to evolve and improve its IT Control Program to ensure that controls are documented, understood, and routinely tested for effectiveness in compliance with applicable laws and regulations.
Responsibilities
- Demonstrated understanding of business process, internal controls, risk management and related controls
- Inventory and manage IT Process and Control Documentation
- Develop and document IT Process and Control Documentation, when necessary
- Create alignment of controls mapping to business owners/technical owners
- Perform System and business process risk assessments around new strategic initiatives and changes within the business (i.e. acquisitions, new business offering, new system implementation, and auditor/PCAOB guidance changes)
- Document risks and mitigating controls through risk control matrices as well as ensuring proper rationalization of controls
- Advise IT Management on the best strategies for optimizing the security of data systems, information assets, and general business processes.
- Work with management on the design and/or testing of implementation controls (i.e. data conversion, ITGC, interface, reports, application controls) for systems
- Collect, review, analyze and verify audit evidence
- Conduct interviews with control owners as part of control walkthroughs and review documents
- Test & evaluate the effectiveness of the Company's IT controls
- Prepare relevant reports, metrics, and presentations for management
- Coordinate and support internal and external audit activities
- Monitor the progress of audit finding remediation and verify successful completion
- Contribute to the development of the annual IT SOX and PCI Compliance plans
- Create and deliver IT internal Control Training, as necessary
- Serve as one of the company's subject matter experts on ITGC risks and the ITGC Compliance program
- Identify opportunities to standardize, simplify and improve processes to drive balanced risk management
- Identify capabilities to manage and monitor controls. Identify gaps and recommend solutions (i.e. people, process, technology) to address identified gaps.
- Lead IT Steering Committee focused on IT SOX applications and the controls and processes in place to support those systems
- Lead/Manage Weekly Change Advisory Board
- Lead/Manage User Access Reviews for Critical Systems
- Participate in the development and testing of Disaster Recovery and Business Continuity Plans
Skills Required
- Experience: 5-7 years of progressive experience in IT auditing, SOX testing/compliance reporting, and/or IT security compliance is preferred.
- Knowledge of IT Control Frameworks such as NIST-CSF, ISO, SOX, and PCI
- Education: BA/BS in MIS or Accounting or a related field of study.
- Certification: CISA, CISM, CISSP, CRISC, ISO27001 or equivalents.
- A passion for IT Controls and compliance.
- Ability to understand technical architectures and system capabilities, and to explain data privacy requirements to audiences with various levels of data privacy knowledge.
- Strong oral and written communication skills
- Strong interpersonal skills and ability to work with all levels
- Experience or working knowledge of GRC tools
- Flexibility to change direction and manage conflicting demands.
- Ability to comfortably work multiple projects.