Manager, IT Risk & Internal Controls and Compliance

CRH Americas | Dunwoody, GA
49d | Hybrid

About The Position

CRH Americas Materials is currently recruiting for the position of Manager, IT Risk & Internal Controls and Compliance based in Atlanta, GA. The successful candidate will have a deep understanding of IT security frameworks, risk management and compliance standards and will work collaboratively with cross-functional teams to ensure alignment with business objectives and regulatory requirements.

As a Manager, IT Risk & Internal Controls and Compliance, in the Financial Risks Controls and Compliance organization, you will be responsible for developing and managing policies, leading risk assessments, overseeing audits, and driving the effectiveness of IT and security controls in line with the company's standards. You will also provide subject matter expertise and technical guidance to technology-aligned process owners, ensuring that the implemented controls are operating effectively and in compliance with regulatory, legal and industry standards. This includes but is not limited to:

  • Supporting the Compliance function for the ongoing SAP transformation and managing the SAP GRC platform
  • Working collaboratively across the business and project teams to ensure a robust control environment is adopted

Requirements

  • 6+ years of relevant experience, including IT SOX, IT audit, or risk management at a public company or Big 4/public accounting firm.
  • Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Security Controls (CRISC) or equivalent qualification and other IT risk and controls experience.
  • Bachelor's degree in Information Systems, Accounting, Finance or related field
  • Strong understanding of SOX 404, COSO, COBIT, and PCAOB standards.
  • Experience designing, implementing, and maintaining a comprehensive IT governance framework, policies and procedures that align with industry best practices (e.g., ISO 27001, NIST, COBIT) and comply with applicable laws and regulations
  • Proficient with SAP GRC modules Access Risk Analysis (ARA) and Emergency Access Management (EAM) and/or other similar automated provisioning GRC tools
  • Experience with identifying and assessing ITGCs, application and interface controls, key reports, and SOC reports.
  • Strong interpersonal and organizational influencing skills
  • Ability to communicate in a simple, articulate, thoughtful manner to varying audiences
  • Innovative spirit to work cross-functionally in developing improvement ideas
  • Conflict management and negotiation skills
  • A pleasant, likeable manner while accomplishing challenging results
  • When developing a framework and process for ongoing design
  • Implementing operational effectiveness and testing of key controls
  • Creating key IT process and data flow maps to identify control weaknesses
  • Creating risks and control matrices (RCMs)
  • Experience with project management, including working within complex business environments for multi-national organizations, collaborating and partnering with both internal and external auditors
  • Advanced problem-solving experience involving leading teams in identifying, researching, and coordinating the resources necessary to effectively troubleshoot/diagnose complex project issues; prior success extracting/translating findings into alternatives/solutions; and identifying risks/impacts and schedule adjustments to facilitate management decision-making.
  • Comfortable navigating complex IT environments, including ERP systems, cloud platforms, and cybersecurity frameworks
  • Ability to translate complex IT and control concepts into business-friendly language.
  • Excellent stakeholder management skills. Ability to cultivate and maintain solid relationships with key stakeholders across organizational teams and third-party suppliers
  • Previous change and transformation experience, preferably at a managerial level
  • Must have expert proficiency in Microsoft Word, Excel, PowerPoint, Outlook, and data and analytics tools (e.g., Tableau, Power BI, Alteryx, etc.)
  • Must be 18 years old or older
  • Must pass pre-employment drug screen and criminal background check
  • Strict adherence to safety requirements and procedures as outlined in the Employee Handbook
  • Willingness to work independently within a team environment and other duties as required
  • Moderate travel required

Nice To Haves

  • Familiarity with ERP systems (e.g., SAP, M3, Oracle Cloud, NetSuite, PeopleSoft).
  • SAP experience preferred

Responsibilities

  • Develop and maintain IT security policies and procedures to ensure compliance with applicable laws and regulations
  • Lead IT risk assessments and maintain the risk register
  • Design, implement and maintain a comprehensive IT governance framework that aligns with industry best practices (ISO 27001, NIST, COBIT)
  • Monitor compliance with internal policies and external regulations and prepare audits and assessments
  • Assist in evaluating risks and identifying controls for ongoing ERP transformation
  • Assist in risk owner responsibilities and evaluating the segregation of duties for access management.
  • Monitor emerging risks in IT compliance, including cybersecurity threats that could impact SOX controls.
  • Ensure clear, timely and efficient communication channels exist to provide status updates, identify and resolve issues, and report on any other matters as needed
  • Build relationships with key internal stakeholders and promote the function as a trusted partner
  • Identify opportunities to make the compliance process more effective and efficient through data analytics and continuous monitoring
  • Apply knowledge of risk and controls best practices to promote transformational activities
  • Drive the SOX compliance function to move beyond SOX compliance by adding value across the end-to-end financial reporting controls process
  • Engage with relevant external stakeholders to align and optimize work practices
  • Create a climate where people are motivated to collaborate with Compliance to help achieve the organization's compliance objectives

Benefits

  • Highly competitive base pay
  • Comprehensive medical, dental and disability benefits programs
  • Group retirement savings program
  • Health and wellness programs
  • An inclusive culture that values opportunity for growth, development, and internal promotion