As the company's first line of defense, the IT Administration & Compliance Department provides independent oversight of risk-taking activities. As a member of the Governance team, the IT Process, Controls, Risk, and Compliance Supervisor will oversee compliance programs designed to measure and report on technology risk across the enterprise. They will provide an independent analysis of control effectiveness based on regulatory requirements, industry best practices, and standards. They will drive the quality of our technology products using established risk and control frameworks (such as SOX, Security, Privacy, Confidentiality, Third Party or SOC/ISAE) to ensure that development, hosting, deployment, and other risk decisions comply with existing firm policies, professional standards, laws and regulations, and other internal and external requirements. You will collaborate with various groups and will be required to understand their roles and responsibilities in the overall IT control structure.
This role reports directly to the Vice President, IT Process, Controls, Risk, and Compliance and will execute compliance work to assess the adequacy of controls on various technology infrastructure products, reporting the results to senior management within the IT Administration & Compliance division.
Summary Essential Job Functions
Very strong knowledge and understanding of, or the ability to learn, the regulatory requirements and professional standards involving the development, documentation, review, retention, and archiving of evidence, including reproduction thereof for professional, legal, or regulatory purposes
Support Compliance and other support group partners with the enterprise-wide enhancement of compliance structures due to new laws, regulations, Corporate and other requirements, and new products
Influence business and clients across the enterprise regarding effective internal controls and mitigating risks across the full Enterprise taxonomy, and challenge business management to adopt appropriate policies and procedures and effective controls designed to mitigate risks
Manage audit engagement-related efforts and assignments of staff with varying degrees of expertise and experience when conducting engagements, specialized audits, or assessments recognizing the cross-matrixing and cross-functionality within the specialized functions/business areas
Ensure assigned audit engagements are completed objectively, professionally, timely, and in accordance with corporate and industry audit standards
Assist with the implementation of the new RCSA future state program for Risk Identification and Assessment
Stay abreast of new laws, regulations, and standards, and assess their impact on the business
Assist with the implementation of new laws, regulations, policies, Corporate requirements, and new products
In this role, the IT Process, Controls, Risk and Compliance Supervisor will be required to learn about industry regulations, Corporate and other policies, and standards as well as line-of-business operational procedures for a wide range of products and services. Key factors for success include strong analytical skills and a facility for conducting independent research and preparing written reviews. The role also requires strong communication skills and ease with building and managing relationships to achieve objectives.
Bachelor's degree in Business or relevant fields such as Finance, Accounting, Business, or Information Technology, or related technical field. Experience can be utilized in lieu of a degree. 3+ years in IT, Information Security, Audit, and/or Risk Assessment compliance
Skills and knowledge acquired through professional Development, Tech. Lead, and Management experience are required in each of the following areas: Change Management, Release Management, Configuration Management, Life Cycle Methodologies, Quality Assurance and Testing, Requirements Gathering, and Systems Analysis and Design
Self-starter with a high degree of self-management and commitment to delivery timelines
Proven interpersonal, communication, and presentation skills
Reasonable familiarity with Audit or other regulatory technology applications
Applicable knowledge of national and global compliance policies, regulations, and security frameworks
Capable of working with diverse teams and promoting an enterprise-wide positive security culture
Advanced degree in a technology-related field
Working knowledge of the NIST Cybersecurity Framework