IT GRC MANAGER

POSITION

IT GRC MANAGER

LOCATION

Tampa, FL (Onsite)

DURATION

6+ month C2H

REQUIRED SKILLS

Key Responsibilities:

IT Risk Assessments:

Conduct comprehensive IT risk assessments, including identifying and analyzing potential threats and vulnerabilities across applications, infrastructure, and data.

Develop and maintain risk registers, documenting identified risks, their potential impact, and mitigation strategies.

Collaborate with IT and business stakeholders to prioritize and remediate identified risks.

Assess impact of IT changes to policies, risks, controls, and governance process (including but not limited to disaster recovery, RCM)

SOX Compliance:

Maintain and update the Risk and Control Matrix.

Evaluate the design and monitor the execution of management's SOX controls.

Participate in business process walkthroughs to identify application controls, reports, and ITdependencies/risks.

Review SOC reports and map control deficiencies to relevant IT risks.

Ensure all control evidence of operating is maintain timely, with appropriate detail for all IT controls; own the development, reporting, completion of control remediation plans

Train and educate IT teams and control owners on the effective operation of controls

Application and Data Transfer Controls, Report (IPE) Validation:

Identify the application controls, interfaces/batch jobs and reports key to supporting SOX business processes

Evaluate the design and effectiveness of application controls.

Evaluate the design and effectiveness of controls intended to mitigate data transfer errors/incompleteness

Evaluate the design (completeness and accuracy) of reports used for key controls

Third-Party Risk Management:

Develop and implement a third-party risk management program.

Monitor and manage risks associated with third-party relationships.

Disaster Recovery:

Develop, maintain, and test the IT disaster recovery plan, inclusive of supporting audits and requests for understanding and evidence by 3rd parties

Cyber Security:

Perform cyber security posture evaluations

Design and execute strategies to evaluate the ICFR impact of cyber security incidents

Draft the appropriate disclosures regarding cyber security posture and cyber incidents and response as necessary

Ongoing Regulatory Compliance:

Ensure compliance with relevant regulations and industry standards (e.g., SOX, NIST).

Assist with internal and external audits.

Develop and deliver GRC training to IT and business stakeholders.

Skills/Qualifications:

Advanced knowledge of SOX controls and compliance; experience implementing or improving SOX

Strong drive and organizational skills inclusive of project and program management

Ability to proactively, productively manage diverse stakeholder groups

Excellent accounting and analytical skills

Technical expertise in ERP system design and operation

In-depth knowledge of IT governance frameworks (e.g., COBIT, ITIL) and risk management methodologies

Excellent interpersonal and communication skills, verbal and written

Strong understanding of SOX requirements and IT general controls (ITGCs).

Ability to analyze and solve problems, results oriented

Able to prioritize work, and determine when necessary to switch priorities

Experience with SAP preferred

Education and Experience:

Undergraduate degree in Accounting, Information Technology, Computer Science or related technical degree required

Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC) designation required (two or more preferred)

5+ years relevant work experience in public accounting or 8+ years industry required

3+ years working with SOX in the IT domain with or for a company listed on a US market required