The IT Audit and Compliance Coordinator is responsible for all IT audit management activities and for maintaining the IT audit framework and its associated controls and reporting. This individual identifies, assesses and evaluates IT controls to ensure the successful execution of clients' IT governance strategy. The IT Audit and Compliance Coordinator must work closely with the internal/external audit, compliance, and enterprise risk management teams to develop and implement information systems controls and to ensure they function effectively and efficiently.
Information Systems Control Monitoring and Maintenance
- Monitors and maintains information systems controls to ensure they function effectively and efficiently.
- Plans, supervises and conducts testing to confirm continuous efficiency and effectiveness of information systems controls.
- Assesses and recommends tools and techniques to automate information systems control verification processes.
- Collects information and reviews documentation to identify information systems control deficiencies.
- Reviews information systems policies, standards, and procedures to verify that they address the clients' internal and external requirements.
- Determines the approach to correct information systems control deficiencies to ensure that deficiencies are appropriately considered and remediated.
- Maintains sufficient evidence to support conclusions on the existence and operating effectiveness of information systems controls.
- Provides information systems control status reporting to relevant stakeholders to enable informed decision-making.
- Participates as a core team member in maintaining and implementing Information Systems Continuity (ISC) strategies, and participates in scheduled exercises throughout the year.
Risk Mitigation & Response
- Identifies and evaluates risk response options and provides management with information to enable risk response decisions.
- Reviews risk responses with the relevant stakeholders for validation of efficiency and effectiveness.
- Applies risk criteria to assist in the development of the IT risk profile.
- Assists in the development of risk response action plans to address risk factors identified in the organizational risk profile.
- Collects and validates data that measure key risk indicators (KRIs) to monitor and communicate their status to relevant stakeholders.
- Monitors and communicates key risk indicators (KRIs) and management activities to assist relevant stakeholders in their decision-making process.
- Facilitates risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.
- Insurance industry experience & product knowledge preferred
- Certified in Risk and Information Systems Controls (CRISC) is preferred
- Information Systems Control and Risk experience is required
- Information Systems Continuity (ISC) knowledge is preferred
- Excellent written and verbal communication skills
- Demonstrated relationship management skills with the ability to build strong relationships across all levels of the organization
- Strong influencing skills with the ability to ensure processes are followed
- Demonstrated ability to create a collaborative environment and work through conflict to find appropriate solutions to key issues
- Demonstrated expertise and experience in developing presentations and collateral materials to support the initiatives
- Must be a team player and able to work collaboratively with and through others