Senior IT GRC Advisor

About The Position

Requirements

• Effective verbal and written communication
• Excellent presentation skills
• Interpersonal (listening, facilitating, interviewing) skills
• Analytical, project management and consulting skills
• Capability to manage multiple projects concurrently with minimal supervision
• Technical skills including knowledge of IT infrastructure, cybersecurity risks, operating systems, databases, networking concepts, and cloud technologies.
• Bachelor’s degree in a technology or audit related field
• Minimum 5-years experience in IT auditing, IT Security or IT risk management
• At least 5-years experience leading, planning, conducting and overseeing complex IT audit and advisory engagements
• Experience conducting risk-based operational and/or technical audits
• Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)

Nice To Haves

• Working knowledge of the HIPAA Security Rule
• Experience conducting AI Audits and AI Governance Assessments
• 2-years experience conducting cloud platform audits (e.g., AWS).

Responsibilities

• Provides support and/ or co-facilitates risk assessments (information technology, strategic, operational, financial, compliance, etc.) throughout the organization.
• Provides recommendation to management for improvement of overall control environment.
• Collaborates with management to strengthen IT internal controls and/or develop corrective action plans to remediate risks.
• Develop and facilitate workforce education and awareness training programs relevant to CCNC’s internal control environment with focus on IT processes.
• Advise on IT projects and key initiatives providing risk management expertise to ensure risks are identified, assessed and mitigated to an acceptable level.
• Lead and execute audit and advisory engagements of information systems, infrastructure, and IT processes to evaluate the high risk areas to determine the adequacy of policies, procedures and controls and, where appropriate, compare to industry best practices and control frameworks such as the Control Objective for Information and related Technology (COBIT), National Institute of Standards and Technology, Information Technology Infrastructure Library (ITIL) and other relevant authoritative bodies.
• Performs assessments of third party vendors (including cloud systems) to evaluate compliance with contractual and regulatory requirements and IT security best practices.
• Develops and maintains risk management methodologies, tools, templates, internal websites and internal and/or external reports to ensure the quality and effectiveness of GRC initiatives and deliverables.
• Develop and adhere to GRC standards, policies and procedures designed to strengthen CCNC’s internal control environment.
• Fulfill other GRC responsibilities as directed by management.