Our client seeks to add a key member to its team by employing a dynamic professional as its next IT Compliance and Governance Manager. This role reports directly to the Chief Information Security Officer. This role can be based in NY, NJ, or CT.

RESPONSIBILITIES

  • Lead ISO 27001-2013 compliance teams in the identification of control objectives and the design of control procedures to address those objectives
  • Provide subject-matter experience in practical information security procedures
  • Perform strategic risk assessments of enterprise technology initiatives
  • Work with IT leadership to create, manage, and maintain information security documentation
  • Regularly assess and collaborate to remediate any issues found with corporate systems
  • Oversee and provide direction in the review, documentation, evaluation and testing of controls, particularly automated controls on a wide range of IT Systems.
  • Identify internal IT controls, assessing their design and operational effectiveness, determining risk exposures and developing remediation plans
  • Communicate findings and recommendations to internal personnel
  • Work with other members of the IT team to define security standards and processes
  • Collaborate with internal and external teams to respond to and address audit findings
  • Work with various vendors and service providers to ensure compliance with applicable standards
  • Professionally represent the IT team as a technical consultant on related projects
  • Maintain a good working knowledge of current and emerging information security and compliance trends
  • Understand needs, identify root causes of problems, and implement pragmatic solutions.
  • Determine technical and business impact of identified security and control issues and provide remediation guidance
  • Perform other duties or special projects as needed.

REQUIREMENTS

  • Bachelor’s degree in a technical or analytical field or equivalent experience
  • Professional certification including, but not limited to, Certified Information Systems Auditor® (CISA®), Certified Information Systems Security Professional® (CISSP®), Certified Information Security Manager® (CISM®) and Certified Information Privacy Professional (CIPP).
  • BS/BA degree in Accounting, Computer Science, Information Systems or other relevant field required.
  • 4-7 years’ experience in IT Audit, IT Security, Information Risk Management, IT Governance or other IT Compliance related work.
  • Extensive experience with IT internal controls and their applicability with regard to financial reporting and information systems support processes.
  • Experience in the performance of ISO-27001 control assessments
  • Experience in the performance of Service Organization Control (SOC 1, 2, & 3) assessments.
  • Technically knowledgeable in cross-platform system security – particularly with regard to operating systems, databases, networking and transactional processing environments.
  • Proficiency with a variety of operating systems including Windows, UNIX or LINUX.
  • Proficiency with commercial and open source database management systems (MS-SQL, MySQL and Oracle).
  • Competently analyzes and prioritizes information to make appropriate recommendations.
  • Ability to synthesize all forms of research into clear, thoughtful, and actionable deliverables.
  • Ability to effectively manage small teams of professionals, and delegate work assignments, as needed.
  • Excellent oral and written communication skills.
  • Broad skillset with the following:
    • IT Risk Assessment
    • Windows Server/Azure
    • Cloud Services
    • Audit Management
    • Technical Writing/Documentation
    • Industry Standard Certifications (ISO, SSAE)
  • Awareness of software application technologies and IT service methodologies
  • Successful problem solving and analytical skills.
  • Ability to work within a diverse environment
  • Passion for customer service
  • Excellent verbal and written communication skills

 

To apply for this job email your details to resumes@thewoodsgroup.net