IT Risk & Compliance Manager
This is an important role in supporting the overall vision of the IT Risk & Compliance Program at SPE, which is to govern IT Security, Risk and Compliance activities and initiatives to ensure internal and external regulatory compliance, minimize risk, and protect SPE from undue IT security threats and vulnerabilities. The IT Risk & Compliance Manager is a skilled IT professional who uses his/her deep knowledge of the IT environment and a risk-based approach to monitor and enforce organization-wide IT standards, policies and procedures. She/he has the primary responsibility of supporting the IT Risk & Compliance Director with day-to-day execution of IT Risk & Compliance priority projects and serves as ambassador to stakeholders in IT, Legal, Information Security, Corporate Compliance, and Internal Audit regarding IT Risk & Compliance related efforts.
Key responsibilities are to:
· Engage in audit planning and review sessions to ensure reasonableness of findings and management action plans
· Support development, implementation and enforcement of organization-wide risk and compliance standards, policies and procedures
· Escalate IT Risk & Compliance related issues or concerns to the IT Risk & Compliance Director
· Support the tracking and remediation of open IT audit findings to ensure on-track resolution and risk mitigation
· Engage with stakeholders across the organization to ensure IT Risk & Compliance issues or inquiries are properly addressed by the IT Risk & Compliance program
· Manage and maintain a central knowledge repository for IT Risk & Compliance related materials and resources, including IT procedures and policies
· Project manage and/or support IT Risk & Compliance projects and initiatives
· Work closely with various IT stakeholders, including information security, server and network operations, and applications development teams, to ensure compliance with risk management procedures, systems, and policies
· Work with the IT Risk & Compliance Director to assess compliance violations, incidents and responses
· Monitor application of IT audit objectives and approaches in compliance with auditing standards and requirements
· Provide compliance assessment and reporting for IT projects, programs and operations
· Determine proper remediation for non-compliance and monitor for effectiveness
· Provide input to SPE Audit, SPE Compliance and SPE Legal
· Support all phases of audits to ensure progress according to the audit plan; monitor status and escalate issues to the IT Risk & Compliance Director
· Communicate IT Risk & Compliance policies and aid in the development of the procedures
· Support the development of IT risk treatment plans and manage compliance continuous improvement programs
· Monitor the regulatory environment for impact on security, risk and compliance programs and initiatives
· Stay informed about technology trends, directions and uses throughout the industry; use this information to apply the most current and appropriate technologies to support the risk and compliance business need, and to anticipate and seize new opportunities
· Support risk assessments, audit work and compliance with internal and external review / audit organizations; plan risk mitigation strategies
· Support IT risk and compliance activities with internal IT staff to meet compliance reporting requirements and timeframes
· In partnership with Learning and Development, support the development of the IT Risk and Compliance training curriculum
· Perform research on best-practice IT Security, Risk and Compliance standards and technologies
· Prepare and maintain IT Risk & Compliance reporting
Key qualifications are:
· Deep understanding of IT audit and risk-based audit approaches
· Deep knowledge of Security, Risk, and Compliance (SRC) methods and technologies
· Understanding of global and domestic regulations and standards (PCI, PII, EU Safe Harbor, HIPAA, COFA)
· Strong understanding of the ISO 27001/27002 framework
· Strong project management skills with a proven track record of delivering results
· Strong organizational skills; ability to balance multiple tasks simultaneously
· Excellent interpersonal skills; comfortable dealing with a large span of people, from middle-tier management to business analysts
· Strong relationship management skills; recognizes the benefit of investing in relationships
· An excellent understanding of business ethics and the ability to keep sensitive information confidential
· Strong critical thinking and problem-solving skills; knows when to escalate issues and risks to upper management
· Strong communication skills – verbal, listening, written, and presentation
· Strong technical skills (MS PowerPoint, Word, Excel, SharePoint, Project, Visio, etc.)
· Capable of working independently, as well as in team / collaborative settings
· 5+ years of IT audit or IT compliance experience
· 3+ years of program and project management experience
· Prior experience at a Big 4 firm or in an IT auditor role a plus
· Prior experience working within an Information Technology organization, supporting enterprise-level IT functions and processes, a plus
· Experience in Management Consulting, IT Governance, or Change Management a plus