- Assist in managing the planning, designing, writing, and finalization of policies, control frameworks and procedures.
- Responsible for the monitoring of overall adherence to the IT controls through regularly scheduled reviews of in-scope technical areas.
- Experience performing risk and compliance assessments and in-depth knowledge of industry standards and regulatory requirements (e.g., HIPAA, SOX, FISMA, NIST, ISO 2700X, COBIT, FFIEC, NERC CIP, etc.)
- Ensures compliance with contractual requirements that are usually based on NERC/CIP, ISO 27001, COBIT, NIST 800-53 etc.
- Performs assessments of third-party service providers, including cloud services (IaaS, PaaS, SaaS, etc.), for adherence to best practices or known frameworks such as COBIT, ISO 27001/27002, etc.
- Review and provide guidance from a compliance perspective across areas such as application controls, logical access controls for applications, operating systems and databases, backup and recovery procedures, change controls, pre- and post-deployment assessments, user administration, perimeter security, network/application architecture and selected configuration management controls on technical platforms such as VPNs, VMware, Windows Server 20XX, AIX/UNIX, Linux and Cisco firewalls.
- Work with IT to close issues through oversight and review of remediation plans and accompanying evidence.
- Stays up to date on changes to technology, internal policy and standards, and relevant regulatory programs; evaluates potential impacts on risks and controls and suggests modifications to the IT control framework.
- Assist in managing, training, coaching and developing junior staff and/or external consultants to ensure that timeline and deliverable requirements are met.
- Leads large and/or multiple projects with assigned resources.
- Engage with IT and/or Accounting control owners, including management, to review audit testing results and influence decisions.
- Work with the manager and other team members to identify opportunities for improvement or gaps in existing processes. Takes initiative to develop new approaches and tools.
- 4-year degree in MIS, Information Systems, Computer Science, Engineering or Accounting; MS or MBA preferred
- At least one of the following certifications required: CISA, CIA, CPA, CISM, CISSP, MCP, MCSE, CCNA; other certifications applicable to the job are desired
Required Professional Experience:
- 6-8 years in IT Compliance, IT Audit, IT Security or an IT-related field