The IT Compliance manager is responsible for monitoring, managing, and closing existing internal and external audit issues, and ensuring that internal systems are compliant with security standards and controls including regulatory requirements.
Regulatory Requirement Mapping to IT controls:
- Translate regulations into clear, easily understood regulatory requirements and desired outcomes.
- Map regulatory requirements across regulations to identify overlapping requirements and compliance efficiencies.
- Analyze existing IT key controls and develop a combined set of new IT key controls for the combined company.
- Work with the IT project team to make sure that all new projects follow the IT SDLC and that security and controls are addressed.
Monitoring IT Controls:
- Track key IT controls and maintain up-to-date records and corresponding mitigating controls.
- Ensure that Information Security policies comply with regulations.
- Coordinate with other compliance functions – like Internal Audit, Legal, and Privacy – to track compliance across the organization and manage IT requirements.
- Work with all IT functional teams to ensure controls are effective and appropriately address the relevant compliance requirements including IT SDLC.
- Develop and manage vendor risk assessment process for new vendors and conduct regular risk assessment for existing vendors.
Qualifications and Experience:
- Technical expertise and experience implementing security controls including SOX compliance.
- Prior experience analyzing and applying regulatory requirements to security practices.
- Demonstrated organization, facilitation, communication, and presentation skills.
- Demonstrated ability to lead and execute across a range of businesses and functions with differing issues and interests.
- Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
- An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization.
- An ability to effectively influence others to modify their opinions, plans, or behaviors, with an emphasis on collaborating across multiple teams and ensuring program needs are satisfied through interpersonal and trusted communication.
- An ability to identify and assess the severity and potential impact of risks and to communicate risk assessment findings to risk owners outside Information Security in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
- BS in Computer Science, Information Security, or a related field.
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM).
- 10+ years of experience in an IT Audit or Risk Management role.
- 10+ years of experience with regulatory compliance and information security management frameworks (e.g., SOX, ISO 27000, COBIT, NIST 800, etc.).