Vacancy expired!
IT GRC with Regulatory Compliance and Audit experienceLooking for an IT GRC person. The preference is for someone who came up through audit and have regulatory experience. SEC CFTC but not necessary! Must have It security cloud and know the frameworks NIST CSF ISO COBIT Etc. any archer and/or tableau a big plusSELLING POINTS: Cloud COBIT NIST CSF NIST 800-53 COSO ITIL ISO27001 ISO9001 GRCOpen to sponsorship must have at least two years leftHybrid 2 days in office 3 days remoteThis role will regularly interact with the Information Technology (IT) and Security Services departments. The Associate Principal (IT) will support the continued development and implementation of the IT and Security Services Compliance program which includes: process (policy, standards, procedure) and control development, risk identification and mitigation, and supporting regulatory exams. The Associate Principal will also be responsible for recommending enhancements to the performance, integrity, and compliance of the organization’s processes. This role is highly focused on review of the organization’s compliance with applicable regulatory and legal rules and requirements (i.e., SEC, CFTC, Federal Reserve, etc.) as they relate to technology and information security.
- Contribute to the development, maintenance and continuous improvement of the Regulatory Framework including policies, procedures, and controls
- Act as an advisor in compliance matters
- Assist the organization in evaluating new products, key business initiatives, significant technology, and systems to ensure compliance with policy, laws, and regulations
- Participate in or lead compliance programs, projects, system implementations, or initiatives
- Interpret policies, laws, and regulations and assists the organization in determining applicability and implementation strategy
- Broad knowledge of applicable regulatory, legal rules and requirements (e.g., SEC, CFTC, Federal Reserve, etc.).
- Possesses proficiencies with the use of risk and control frameworks, and process improvement frameworks including for Cloud environment (e.g. COBIT, NIST CSF, NIST 800-53, COSO, ITIL, ISO 27001, ISO 9001, CMMI)
- Familiarity with Systems Development Life Cycle (SDLC) agile process and Secure Software Development Lifecycle
- Comprehensive analytical, conceptual, and problem-solving skills.
- Ability to work independently and as a member of a team, collaborating with internal business clients from different departments and at various levels of seniority.
- Excellent organizational, written and oral communication skills.
- Demonstrated ability to gather, analyze, and evaluate facts and prepare and present concise oral and written reports.
- Proficiency with MS Office software, GRC tools and web-based reporting tools.
- Proficiency with Cloud Computing Models, Risks and Cloud Control Environment. (AWS etc.)
- Experience with document management tools (e.g., DMS, PolicyTech) a plus
- 5+ years of experience in IT/Security Compliance, IT/Security Risk Management, IT/Security Audit, IT, Information Security or related field required
- Bachelor’s degree or equivalent required (Degree in Computer Science or related field a plus)
- Preferred Certifications – CISA, CISSP, CRISC, CCSP etc.
Vacancy expired!