EDZ Systems

IT Regulatory Compliance Program Manager

On site

Kansas City, United States

Junior

Freelance

02-10-2025


Skills

Communication, Leadership, Microsoft Project, Risk Management, Monitoring, Architecture, Systems Architecture, Risk Assessment, Risk Analysis, Risk Mitigation, Risk Monitoring, Risk Reporting, Organization, Analytical Skills, Accounting, Analytics

Job Specifications

IT Regulatory Compliance Program Manager

As a Program Manager for IT Regulatory Compliance, you have the unique opportunity to have a direct and measurable impact on the organization's strategic direction and the company's bottom line. You'll need skills that enable you to partner and collaborate with other people's technical and business groups, rapidly learn the nuances of their business and control areas, complete robust analyses, and recommend meaningful changes in critical business processes for risk management and control compliance. This role requires the ability to work cross-functionally with IT, Business, Finance, Risk and Compliance, and Audit teams, applying analytical skills to dissect moderately complex problems and deliver clear recommendations to improve results. This role also interacts with technical IT teams across the company, so you must be able to communicate complicated analysis, logic, and solutions in a clear and concise manner. Given the impact this position can have on company direction, you must feel comfortable taking and defending polarizing positions based on your work.

Job Responsibilities:

Run day-to-day operational supplemental support for CMMC (CyberSecurity Maturity Model Certification), NYDFS (New York Department of Financial Services), CPNI (Customer Privacy Network Information), PII (Personal Identifiable Information), PSR (Privacy Security Reviews), CCPA (California Customer Privacy Act) and PCI (Payment Card Industry).
Assist in establishing and implementing enterprise-wide Information Technology Operational risk and governance programs, including developing the framework, methodology, and tools for risk assessment, issue management, ongoing risk monitoring and reporting, as well as Governance, Risk and Compliance (GRC) platform management. Utilize the COSO, COBIT, and NIST 800-153 frameworks to guide and direct this work.
Collaborate with Compliance teams to ensure regulatory processes are updated as they evolve. Ensure that policies and procedures are in-line with the latest regulatory guidance. Communicate the compliance framework to all relevant stakeholders at all levels (internal and external).
Assess end-to-end technology processes for the organization from planning, scope development to execution. This includes:
Design and evaluate end-to-end business systems architecture and processes to manage IT risks effectively, and document that architecture and those processes so that risk analysis can be performed.
Identify IT and financial risks, and design financial, ITGC and data integrity controls to mitigate these risks, leveraging GRC systems and standards such as NIST and COSO/COBIT, and other accounting/audit standards such as those of the IIA (International Institute of Auditors).
Collaborate with IT, business, 2nd and 3rd line risk functions to update Government and Privacy Control documentation including process flowcharts, narratives, risk and controls matrices and the evaluation of scoping of controls as new systems are developed or modified.
Proactively find opportunities for automating controls through the use of analytics and by partnering with various teams in implementing automation to improve risk mitigation efforts.
Validate the design of IT data integrity and general controls, and facilitate internal and external audits of technology processes.
Identify root causes and opportunities for improvement of internal controls, and reach consensus on remediation plans with key business partners (IT Operations, Product, Information Security and CTP Government and Commercial Compliance teams).
Remediate Government and Privacy Controls and IT issues for audit-identified and self-identified issues, including developing and executing remediation plans to address risks to operational and compliance objectives.
Oversee the ongoing monitoring of risks and controls by the IT 1st line and establish ongoing risk reporting for IT leadership.

Education:

Bachelor's Degree in Computer Science, Information Technology, Information Systems, Accounting, Business or a related field (Required)

Work Experience:

4-7 years' experience in an IT organization, including experience working in a Government and/or Privacy Program environment (Required)
Significant exposure to the following frameworks: NIST, COBIT, SOX and COSO

Knowledge, Skills and Abilities:

Communication (Required)
Microsoft Office (Required)
Microsoft Visio (Required)
Microsoft Project (Required)
Internal Audit (Required)
Internal Controls (Required)
Aurora/Archer Tool for GRC
Visio - Data Flow Diagrams
Imperva / Tripwire Agents

Licenses and Certifications:

Certified Information Systems Auditor (CISA) (Preferred)

Certified Information Systems Security Professional (CISSP) (Preferred)

About the Company

EDZ Systems (EDZ) provides Intelligent Global IT Solutions, a proprietary Intelligent Resource Management System (Intelligent RMS) and Strategic Consulting Services worldwide, helping companies to optimize their people, projects, matters, engagements and results. Our unique approach brings comprehensive skill sets, industry knowledge and a passion for technology to every project. A minority- and woman-owned business, our solid reputation has been established through more than 35 years of IT experience, effective communicat...