IT Risk and Compliance Lead

The Risk & Compliance Lead administers, executes and analyzes a broad set of control-based activities to support our clients compliance objectives. Collaborates with stakeholders in the development and sustainment of trusted processes and procedures. Leads meetings to translate compliance and risk requirements into functional specification and manages the implementation of such requirements.

Responsibilities

• Drive, coordinate and monitor the progress of initiatives/projects related to the remediation of audit findings or control weaknesses, gap analysis results, risk assessment results, and incidents, to minimize the impact of risk and threats
• Collaborate closely with project stakeholders to understand new implementations, ensuring compliance with established controls and regulatory requirements while providing consultation on the design and implementation of controls ensuring Sarbanes-Oxley (SOX) risks are adequately addressed.
• Provides guidance and training to staff and project teams on IT risk management, SOX compliance and effective control design practices, ensuring a culture of compliance throughout the organization.
• Conduct IT controls testing to ensure they are working as designed and in accordance with policies and procedures. Identifies issues to ensure compliance with IT general controls, SOX, and other global regulations/laws as necessary.
• Ensure gaps are identified and mitigated via remediation plans that adhere to processes including timely issue and corrective action submission, accurate root cause identification, corrective action monitoring, and on-time closure.
• Create detailed flowcharts to visualize processes related to new projects, highlighting key control points and risk areas to facilitate understanding among stakeholders.
• Maintain thorough documentation of control assessments, risk evaluations, and compliance processes, preparing reports for management review and external auditors, as necessary.
• Work with internal audit and other departments to ensure alignment in compliance efforts, sharing insights and recommendations for enhancing internal control systems.

Qualifications

• University degree in Information Systems or a related discipline plus generally 8 years of directly related experience.
• Certification in one or all of the following is preferred: CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CIA (Certified Internal Auditor) or equivalent.
• Proven ability to handle multiple competing goals and projects simultaneously.
• Experience with system implementations and process control design is a plus.
• Knowledge of COSO, COBIT, Sarbanes Oxley and ITIL frameworks