Responsibilities:
• Responsible for the design, documentation, development, testing and deployment of various
business intelligence and planning applications, dashboards and reports in support of the
business.
• Plan, define, design, and implement information technology and data compliance processes,
configurations, and technologies and support compliance reviews with internal and external
stakeholders to provide timely deliverables and rapid remediation.
• Lead IT Risk and Compliance projects throughout all phases, coordinating and driving
communication, facilitating decisions, and ensuring follow-through on the execution of projects
with internal and external
• Develop compliance metrics and performance dashboards for regular reporting on performance and
Compliance status to all organization levels.
• Works with the Chief Compliance Officer and other stakeholders to review existing Compliance
scope and identify areas for control rationalization, control enhancement, & testing approach
changes.
• Create and administer training and awareness programs for control owners and end-users.
• Stays current and communicates security regulations, industry trends, new threats and attack
techniques, mitigation techniques, & emerging security technologies.
• Responsible for managing all Computer Incident Response Team activities.
• Collaborate with IT technology and process owners to ensure timely completion of scheduled and
ad-hoc audits and compliance.
• Collaborate with Development teams and business and system owners regarding testing of new
risk and compliance-related software capabilities, programs, and applications.
• Assists in annual planning and maintenance of the IT risk control matrix for relevant IT systems
and controls.
• Review and help refine controls and compliance processes and identify opportunities to ensure
proactive management and mitigation of risks.
• Partners closely with cross-functional teams, including IT Operations, IT Business and Practice
Systems, Accounting, Finance, and Internal/External Audit.
• Ensure new software programs meet compliance requirements before they are made operational.
• Review vendor SOC evaluations for adequacy, identify exceptions, and work with internal
leads to ensure exceptions are appropriately addressed and other complementary controls are in
place and operating effectively.
• Special projects as assigned
• Travel may be required (less than 20% of time)
Experience:
• 5 years of experience with project or program management, governance and security processes
• 5 years of experience with one or more security compliance frameworks: AICPA Trust Principles
(SSAE 16 – SOC 2 and 3), NIST, ISO 27000 Series, PCI DSS, HIPAA, SOX, SANS CIS Critical
Security Controls, regulations governing personally identifiable information and other regulatory
compliance frameworks.
• Strong background in information technology and a clear understanding of the challenges of
information security
• Excellent communication and presentation skills
• Excellent organization, time and project management skills with the ability to work independently
and proactively
• Strong analytical and problem-solving ability
• Ability to operate when requirements are not clear and manage dynamic changes to the environment.
• Bachelor’s degree in computer science, information technology, or a related field or equivalent
experience
• CISA (CISM, CISSP is a bonus)