Sr IT Controls & Risk Specialist

About The Position

Requirements

• Bachelor’s Degree in Information Technology, Information Security, Risk Management, Business Administration, or related field. Or equivalent combination of education, professional certifications, and relevant work experience.
• 3+ years professional experience within IT Controls and Frameworks, IT Risk Management, IT Internal Controls, or related GRC field.
• Experience developing or maintaining a controls-based IT compliance framework
• Experience evaluating or auditing web-based software technologies against company or regulatory requirements
• Experience deploying or supporting risk management, compliance, information security, information governance, or privacy programs across a large enterprise
• In-depth understanding of NIST CSF, CIS, NIST 800-53, HITRUST, CMMC, PCI DSS, or similar frameworks. Ability to describe framework scope, composition, and implementation strategies.
• Familiar with the technical components of software technologies, including APIs, web services, and common web and cloud application integration and architecture patterns
• Experience with modern GRC tools and other technologies supporting IT risk management activities
• Experience applying change management methodologies to support IT risk management initiatives
• Strong written and verbal skills, including a demonstrated ability to translate complex or technical information into concepts that are easily understood
• Proven ability to effectively interact with, manage, and influence cross-functional teams and partners

Nice To Haves

• 8+ years of professional experience in Technology Risk, Information Security, or leadership role in a technical area within a highly regulated industry.
• Certification in relevant GRC discipline (e.g., CISA, CISM, CRISC, CISSP, CGRC) or IT governance frameworks (e.g., ITIL).
• Experience implementing or using AuditBoard CrossComply, AuditBoard ITRM, or other TPRM, Privacy, or GRC tools
• Participation in IT compliance and audit processes
• Experience organizing process information and technical concepts into a knowledge base for wider audience consumption, leveraging diagrams or infographics and knowledge management tools
• Experience driving successful, insight-based, creative communications plans that deliver against program objectives, on time and within budget
• Experience deploying policy or technology changes across a large enterprise and measuring and reporting program process over time.
• Understanding of fundamental Information Governance concepts (e.g., records retention, data protection, data handling)
• Knowledge of enterprise change management methodologies
• Familiarity with SAP security model and its integration with GRC products
• Familiarity with M365 governance and compliance settings

Responsibilities

• Controls Framework Design, Implementation, and Management
• Control Framework Development: Analyze, design, create, and maintain a unified IT controls framework drawing from leading industry frameworks and applicable regulatory requirements (e.g. NIST CSF, CIS, HITRUST, PCI, etc.)
• Documentation: Create comprehensive documentation for the controls framework, including risks, control objectives, and implementation guidelines. Align with existing enterprise policies and develop policies to fill identified gaps.
• Stakeholder Engagement: Collaborate with cross-functional teams to ensure stakeholder buy-in and alignment with organizational risk tolerance.
• Technology Evaluation and Risk Management
• Compliance Evaluation: Assess new and existing technologies for compliance with applicable controls.
• Risk Register Management: Maintain a risk register to manage non-compliance and track remediation efforts.
• Tool Administration: Lead the configuration of GRC tools used for IT risk management processes.
• Awareness and Education Material Development: Develop tailored written and verbal awareness materials for different audiences, supporting user education initiatives. Drive communication campaigns to ensure employee adoption using metrics to measure and track success.
• Communication and Cross-Functional Collaboration
• Communication Planning: Execute a communication plan for impacted audiences when process and policy changes are made.
• Relationship Building: Build trusted relationships with IT Compliance, Information Security, Legal, and Corporate Compliance teams to ensure message alignment and cross-functional collaboration.

Benefits

• competitive total rewards package
• continuing education & training
• health insurance
• life and disability
• 401(k) contributions
• paid time off
• Employee Assistance Program
• Employee Resource Groups
• Employee Service Corp