The IT Compliance Audit Manager will assist the Director of Global Governance, Risk, Compliance, and Privacy in providing the organization with objective and independent assurance services that support its mission and help achieve its objectives through proactive risk management. He or she will plan and execute IT audits, including identifying risks, leading audit interviews, executing control testing, preparing and reviewing work papers, reviewing audit-related documentation, reviewing action plans with appropriate management, and validating issue closure and gap remediation. The person will be expected to work collaboratively with business process owners and develop close relationships with management. The ideal candidate will have a track record of building and implementing internal and external audit programs. He or she should be experienced in assessing risk, establishing an efficient control environment, enhancing business processes, and leading process improvement projects.
- Develop and execute the annual Internal Audit Plans for the organization by collaborating with business process owners and external audit firms. The process includes identifying the audit scope, conducting related risk assessments, and periodically reassessing the organization's risk thresholds.
- Assist in defining, refining, implementing, and maintaining the Company's audit process, including department standards and procedures.
- Serve as the point person on all internal and other third-party audits.
- Coordinate and/or perform reviews of policies and procedures as deemed necessary to fulfill the approved annual audit plan to provide assurance on controls surrounding areas such as segregation of duties, transaction oversight, and governance.
- Assess risks and internal controls by identifying areas of non-compliance, process weaknesses, inefficiencies, and operational issues as well as opportunities for improvement.
- Participate in continuous monitoring for risks within implementation projects and changes to the control environment.
- Coordinate and/or perform the evaluation and design of controls, as well as operating internal controls, and provide value-added feedback on control strength/weakness, with recommendations for improvement.
- Coordinate the activities of all external auditors including how best to leverage the work performed and results produced from Internal Audit's work.
- Maintain and report on security controls required by NIST, HIPAA-HITRUST, GDPR, PCI, SSAE-18 Type 1 SOC 2, ISO 27001 and SOX, and by other regulatory requirements and security and privacy compliance frameworks.
- Manage the process to track, follow up on, and ultimately close all open audit issues within the organization.
- Assist in managing the planning, designing, writing, and finalization of policies, control framework, and procedures to comply with NIST guidelines.
The above statements represent a general outline of principal job functions and should not be construed as a complete description of all aspects and requirements inherent in this job.
- 3-7 years in IT or Audit, including specialization in IT Security and/or a combination of IT Compliance, IT Audit, and Information Security.
- Five (5) years' experience managing IT Compliance programs and monitoring, with specific emphasis on NIST/ISO/HIPAA/PCI/SSAE-18 related requirements.
- Subject matter expertise in security and compliance lifecycles and industry frameworks, standards, and guidelines (NIST, FISMA, ISO, COBIT, ITIL).
- Experience and expertise in the development, execution, and maintenance of HITRUST compliance, or equivalent HIPAA experience.
- Ability to relate regulatory or framework requirements to multiple parties, including hardware and software engineering staff.
- Experience in strategic planning, budgeting, and consulting, as well as general industry experience.
- Proven ability to react to high-pressure, dynamic, changing environments.
- Proficient ability to effectively utilize resources throughout the organization as well as external vendors.
- Demonstrated effective leadership and communication skills.
- Experience working in a team-oriented, collaborative environment.
- Demonstrated results orientation, initiative, attention to detail, and customer service orientation.
- Excellent written, verbal, and presentation communication skills.
- Holds, or is actively pursuing, one or more of the following certifications: CISM, CISA, CGEIT, CRISC, Project Management Professional (PMP), or other related certifications.
- 3-5 years' Project Management experience, including participation in life cycle project implementations (scoping/planning, requirements gathering, design, development, testing, launch, and support).
This position will work with confidential and proprietary information that requires a signed Employee Non-Disclosure Agreement upon hire.