Participate in governance, risk and compliance related assessments, policy and procedures, awareness and training for end users, change management, internal control identification and measurement per applicable guidelines and frameworks
Conduct comprehensive security assessment and implementation support based on ISO 27001:2022, NIST 800, NIST CSF, PCI DSS and HITRUST. Perform gap analysis, identify risks, and provide actionable recommendations for compliance and security improvement.
Lead risk methodology development and execution maintain updates and mapping of governance, risk and compliance (GRC) assessments for changing requirements/criteria related to SOC1, SOC2, in addition to other regulatory or industry requirements
Work across matrix business environments both internal and external for risk and compliance (audit) readiness.
Work with business units in a consulting role to assist in their understanding of internal controls and measurements in addressing strategic initiatives, business/client drivers and concerns, future audits and compliance requirements.
Lead governance, risk and compliance (GRC) liaison with internal and external audit resources, external customers and government regulators, domestic and international.
Actively support business units request for information and data security risk, technology risk, technical vendor relationship management, product selection and design related to the authority and responsibility of GRC within an Enterprise Risk Management (ERM) model.
Promote a positive, entrepreneurial, consulting, performance focused culture within organisation that works effectively with stakeholders in the development and launch of services and programs that support compliance and company growth.
Support the coordination, tracking and reporting on divisional and business units metrics, results, data modelling, processing, calculating and transformation into meaningful risk metrics and reports.
Job Qualifications:
Bachelor s degree in Computer Science/ Information Technology, Risk Management or equivalent years in experience
Certifications required (two), preferred certifications: Certified Information Systems Auditor (CISA, Certified in Risk and Information System Controls (CRISC), Certified Information System Security Professional (CISSP), or equivalents.
8+ years of combined experience with consulting, external audit, company in house and outsourced internal audit, assurance services, contracts; experience with a Big 4 is required.
8+ years of hands-on combined experience with designing and implementing technology controls in diverse technology environments, including auditing, risk assessments and providing recommendations for remediation.
5+ years of hands-on combined experience, preferred in business process design, system integration, identity access management, data privacy and protection, system development life cycle (SDLC), vulnerability assessment, information technology security, incident response, vendor management, backup and recovery and continuity planning.
8+ years of operational leadership roles that include domestic and international; diverse industry experience preferred, consulting services, financial services and banking, insurance and healthcare, risk and compliance.
8+ years of audit experience with SOC1, SOC2, and regulatory compliance.
8 years of combined hands-on operational experience in; accounting, tax, payroll, human resources, information technology operations, information technology security, risk management.
8+ years as a Subject Matter Expert (SME); working with industry frameworks including COSO, ISO, NIST 800-53, NIST/CSF, PCI, HITRUST, and GDPR.
Experience leading engagements, establishing budgets, developing work programs/plans, building relationships, mentoring staff, providing performance feedback, and monitoring workloads of team(s) while meeting stakeholder and client expectations.
Advanced written, verbal and presentation skills; including interactions with key stakeholders, internal executive management and external executive management and senior leaders.
Experienced working in remote environments. Independent, motivated self-starter with the ability to analyse complex problems, think critically, problem solve, influence change, provide thought leadership.
Excellent interpersonal skills, including the ability to work across a highly matrixed organization, interacting, influencing, negotiating effectively with all levels of leadership and peers
Experienced with vendor and managed security services with ability to identify continuous improvement opportunities to drive risk assessment effectiveness and efficiency.