IT Compliance Program Manager

About the job

The IT Compliance Program Manager provides program oversight and management of all technology related compliance activities across the organization. The role is responsible for the enforcement of all IT-related corporate policies and procedures, compliance initiatives, support of the core security functions of IT Security, and will Lead IT compliance audits related to SOX and other compliance or privacy initiatives from an IT regulatory compliance and security perspective.

The IT compliance program manager’s role is to assess and oversee all technology-related compliance issues across the organization including privacy, business continuity, identity management, user access and data integrity. This includes providing objective risk assessments of the company‘s compliance with regulatory, organizational and commercial requirements governing the organization’s information technology systems.

The IT compliance program manager will also direct the development and implementation of policies, procedures and controls to ensure that the organization’s practices remain observant to all pertinent local, state/province/county and federal laws and industry standards. In this role, the IT compliance manager will be collaborating with non-IT compliance professionals such as audit, legal, and corporate compliance to ensure organizational alignment.

Core Responsibilities

• Facilitate the creation and modification of all technology compliance policies.
• Identify the associated IT compliance control gaps and oversee the documentation, implementation and testing of the entire IT compliance control portfolio.
• Develop and direct IT compliance control monitoring programs to ensure IT compliance-related risks are managed to the appropriate level of acceptable residual risk.
• Implement and maintain an IT compliance issue management tracking and resolution process that will address known issues, according to severity and potential impact to the organization.
• Report the levels of IT compliance risk and control effectiveness to key stakeholders such as IT-business unit management, senior management, legal management, regulators, internal/external auditors, etc.
• Coordinate audit-related tasks such as ensuring the readiness of IT managers and their organizations for audit testing and facilitating the timely resolution of any audit findings.

Audit Operations Activities

• Creating the IT audit agenda and identifying ways to integrate with the operations audit or specific compliance-based audits.
• Implementing and supervising the IT audit issue tracking and resolution process.
• Reviewing and approving the schedule for review of controls independent of the audit schedule to save time during audits.
• Communicating with senior IT and business leaders on drivers of the IT audit agenda.
• Preparing the communications schedule with the IT Leadership team and key stakeholders
• Collaborating with internal audit team members to vet or obtain peer review on audit observations before report writing.
• Identifying and tracking performance metrics at the team and individual levels
• Managing skill development for the IT team.
• Supervising the effective use of audit tools and technology and tracking the impact of automation on team performance.
• Reviewing and revising the awareness program to educate all employees on the activities of the IT audit team and drivers for assurance.
• Managing escalations made by auditees about IT audit observations or audit activities.

Audit Tasks

• Reviewing and updating the IT audit universe that includes all types of compliance obligations, contractual requirements, and existing and potential risks.
• Developing and revising procedure for the inclusion of changing risks into the IT audit plan.
• Planning and reviewing the annual review of risks influencing the effectiveness of operations, privacy, IT risk management, and business continuity and disaster recovery.
• Studying risk assessments conducted by the business owners and support functions to incorporate relevant tests in IT audit plans.
• Reviewing the IT audit risk assessments conducted by the IT internal audit team members.
• Planning third-party audits in consultation with vendor management teams and business process owners.
• Reviewing third-party attestation and audit reports and providing feedback to business leaders and risk owners.
• Reviewing raw data and work papers collated by the IT internal audit team for justification of observations and to identify potential missed observations.
• Monitoring IT audit best practices in the industry to determine opportunities for improvement, including tools and processes.

Regulatory Compliance Activities

• Work with corporate legal and compliance representatives to identify all related IT compliance requirements (i.e., security, user access, privacy, data integrity, etc.) associated with the laws and regulations within all relevant jurisdictions.
• Ensure all related IT compliance policies are updated, based on any relevant regulatory changes or new laws.
• Create a regulatory change management process that identifies and coordinates the modification of related technological functions, business processes and/or compliance controls.
• Conduct necessary IT compliance and SOX control monitoring and testing activities to determine the effectiveness of the controls.
• Remediate IT compliance and SOX control deficiencies.
• Coordinate the investigation of any potential unlawful or fraudulent action related to IT compliance, such as the intentional release of privileged information.

Commercial Compliance Activities

• Work with IT procurement, to identify all IT compliance commercial requirements and industry standards, related to the supply as well as the delivery of goods and services.
• Communicate IT compliance standards and requirements to relevant suppliers through various means, such as requests for proposal, contractual terms, etc.
• Perform necessary due diligence activities to determine third-party adherence with IT compliance requirements prior to establishing a business relationship.
• Monitor third-party adherence to IT compliance requirements and address any and all instances of noncompliance.
• Request proof of required industry standard certification or report (e.g., ISO 27001, Service Organization Control Reports, PCI DSS, etc.).

Software Asset Management & Provisioning

• Work with IT teams to create governance and policies for Software Asset Management
• Develop Software provisioning process
• Manage Software user entitlements

Qualified Candidates Will Have

• 4+ years’ experience managing IT compliance assessments within a corporate setting.
• Proven experience developing and submitting IT audit and compliance reports to governing bodies, legal entities and/or external authorities.
• Experience in planning, organizing, and developing information technology policies, procedures and practices.
• Strong communication skills (written and oral), particularly with government/legal agencies and external/internal auditors.
• Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues.
• Excellent knowledge of technology environments, including information security, encryption methods and privacy-based solutions.
• General knowledge of business theory, business processes, management, budgeting, and business office operations.
• Demonstrated understanding of data processing, hardware platforms, enterprise software applications and outsourced systems, including SAP and ServiceNow.
• Understanding of computer systems and integration capabilities.
• Solid understanding of project management principles.
• Ability to translate understanding of the organization’s goals and objectives into compliance requirements.
• Ability to translate the company‘s vision, values, mission and objectives into drivers for designing the IT audit agenda.
• Proven experience in managing audit reports for different audiences
• Proven experience of working in technology environments, including information security, encryption methods, privacy-based solutions, and solutions for backup and recovery.
• Proven experience in risk-based and SOX audits
• Ability to establish credibility and working relationships with a wide range of corporate personnel, including operations, management, executive, finance, audit and legal staff as well as external personnel, including auditors and regulators.
• Proven leadership ability.
• Ability to set and manage priorities judiciously.
• Ability to present ideas in business-friendly and user-friendly language.
• Exceptionally self-motivated, directed and detail oriented. Superior analytical, evaluative, and problem-solving abilities.
• Ability to motivate and lead control owners in a team-oriented, collaborative environment.

Requirements

• A minimum of five (5 – 7) years of progressively increasing responsibility and achievement in the Information Technology area with at least four (4) years in IT audit and/or compliance, including experience with SOX, GDPR and other privacy regulations.
• A Bachelor’s Degree in a related technical or business discipline is required.
• Knowledge and working experience with SOX, privacy regulations, security audit/review processes and applying corporate and federally mandated policies.
• Experience managing projects in a team-oriented cross-organizational environment.
• Knowledge and experience in IT risk and compliance management programs related to IT Audit, 3rd Party Risk Management, Security, and Privacy Regulations.

Relocation Available? Yes

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, color, religion, age, national origin, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, military status, or disability status.

Relocation Available:

Yes, Within Country