About The Position

As the IT Compliance Analyst IV you will perform internal information technology system audits and risk assessments. You will develop and implement an audit and control framework to monitor IT production environments for potential system integrity exposure and control weaknesses. You will use your experience to identify various risks (e.g., financial, operational, compliance) to the organization and make recommendations for corrective actions/mitigation of risks. Your work will include evaluating complex information systems and controls including but not limited to applications, business control processes, change control management procedures, security, networks, and computer and data center operations. You'll report findings to management and communicate recommendations for corrective actions.

Requirements

  • Bachelor’s degree from a four-year college or university.
  • 8 years of progressive experience relevant to handling compliance issues around Sarbanes-Oxley (SOX), PCI, and/or HIPAA privacy issues for IT.
  • Required certifications: CISA or CISM.

Nice To Haves

  • Experience leading complex audit projects and driving positive outcomes in a fast-paced environment.
  • Demonstrated success in bringing non-compliant business units into compliance and managing compliance life cycle.
  • Proficient in performing audits, responding to audits, and facilitating IT's compliance with an Internal Audit department.
  • In-depth experience with writing policies specific to IT systems or controls and for the business-at-large.
  • In-depth knowledge and experience in bringing previously non-compliant business units or subsidiaries into compliance, including deep-dive discovery of the existing policies and procedures of the non-compliant entity and managing the full compliance lifecycle of that entity as it becomes fully compliant.
  • Strong system implementation and maintenance experience.
  • Strong planning, communication, negotiation, leadership, and relationship-building skills.
  • CIA and/or CISSP a plus.
  • Ability to work closely with Analysts, Project Managers, Developers, and Middle- and Senior-level management across the entire organization.
  • Strong understanding of control overlap between regulatory requirements & governance frameworks, and how to track that overlap to the extent that individual controls for overlapped framework areas do not exist.
  • Understanding of multi-regulatory/governance environments and how to build controls and tie those controls to policies and procedures in such a way as to cover multiple regulations or governance frameworks or requirements with a single policy, standard, procedure, or guideline.
  • Ability to get work done through people and excellent interface skills are essential.
  • Ability to work in a dynamic environment and oversee multiple initiatives and/or large, complex projects.
  • Healthcare or other government regulated industry experience desired.
  • Experience in developing an ISO 27000 ISMS desired.
  • Ability to comprehend SQL required.
  • ISACA certification is beneficial.
  • CISSP and/or technical security certification beneficial.
  • Act with integrity in all ways and at all times, remaining honest, transparent, and respectful in all relationships.
  • Keep the patient at the center of everything that you do, building lifelong trust.
  • Foster open collaboration and constructive dialogue with everyone around you.
  • Continuously innovate new solutions, influencing and responding to change.
  • Focus on superior outcomes, and calibrate work processes for outstanding results.

Responsibilities

  • Read and understand complex legal and regulatory requirements, translate them into practical business processes, and provide detailed and continual guidance to IT staff to ensure those requirements are met.
  • Lead tactical planning and execution of day-to-day activities, leading the team to ensure goals are met in an ever-changing environment under strict deadlines.
  • Provide progress updates to department leaders and shift team focus as needed to ensure on-time completion of required activities.
  • Work and communicate efficiently, clearly, and succinctly with all levels of technical, business, and executive staff.
  • Communicate emerging issues, potential risks, audit results, and IT compliance issues to all impacted areas in a timely fashion.
  • Perform and develop daily, monthly, quarterly, and yearly auditing tasks to ensure compliance is maintained across all of IT’s systems and processes.
  • Design and manage projects consistent with the IT organization’s SDLC.
  • Assist IT teams with the development of policies, standards, procedures, and guidelines that are backed by Hanger’s enlisted governance frameworks, assist IT teams with the development of questionnaires and evidence gathering techniques to ensure compliance with the teams’ requirements, and assist all organizations with the development of approval workflows for the electronic governance, risk, and compliance system.
  • Apply expertise in enterprise electronic governance, risk, and compliance systems to manage all aspects of the electronic governance, risk, and compliance system.
  • Identify and periodically evaluate IT controls, countermeasures, and policies and procedures to mitigate and/or manage risk to acceptable levels.
  • Provide documentation of adherence to controls for internal and external auditors.
  • Oversee and assist with any governance- or compliance-related remediation efforts within IT.
  • Identify and report on risk and initiate corrective action to meet business and regulatory requirements.
  • Raise awareness of infrastructure and application issues that could cause business risk to the IT organization.
  • Provide governance and compliance educational services to all organizations.
  • Develop risk response action plans to address risk factors identified in the organizational risk profile.
  • Determine the approach to correct information systems control deficiencies and maturity gaps to ensure that deficiencies are appropriately considered and remediated.
  • Periodically perform technical risk assessments and impact analyses as assigned.
  • Review contracts, systems, and processes to identify potential issues with the organization’s compliance or governance requirements.
  • Evaluate the organization’s IT policies, standards, and procedures, and the processes for their development, approval, implementation, maintenance, and monitoring, to determine whether they support the IT strategy and comply with regulatory and legal requirements.
  • Identify and report on current and potential legal and regulatory requirements affecting IT.
  • Develop policies, standards, procedures, and guidelines for the IT department.
  • Design information systems controls in consultation with process owners to ensure alignment with business needs and objectives.
  • Relate regulatory and business requirements to real world work environments.
  • Apply technical knowledge of IT security, infrastructure, and development best practices to enhance the organization’s risk profile and overall compliance and governance health.

Benefits

  • Competitive Compensation Packages
  • 8 Paid National Holidays & 4 additional Floating Holidays
  • PTO that includes Vacation and Sick time
  • Medical, Dental, and Vision Benefits
  • 401k Savings and Retirement Plan
  • Paid Parental Bonding Leave for New Parents
  • Flexible Work Schedules and Part-time Opportunities
  • Generous Employee Referral Bonus Program
  • Mentorship Programs: Mentor and Mentee
  • Student Loan Repayment Assistance by Location
  • Relocation Assistance
  • Regional & National traveling CPO/CO/CP opportunities
  • Volunteering for Local and National events such as Hanger’s BAKA Bootcamp and EmpowerFest