Address
Form of workNatera is looking for a Director, IT Compliance whose main responsibility is ensuring Information Technology is in compliance as a public healthcare company, mainly SOX, SOC 2 and GxP. The IT Compliance Manager is primarily responsible for managing the design and execution of IT General Controls (ITGC) and providing guidance to management and staff on ITGC best practices across all IT infrastructure and application solutions on-prem and cloud.
This individual will work to ensure technology risk is properly managed, compliance requirements are met and that special projects run smoothly. This individual will quickly gain broad exposure to the operations of the company and collaborate with the Technology Organization (IT, Engineering), Internal Audit team and other business partners to deliver compliance-focused infrastructure in addition to internal and external audit to support the establishment of a consistent, repeatable, and scalable compliance approach.
Responsibility
- Develop/write IT General Control procedures and policies. Provide guidance in implementing ITGC controls. Manage and direct IT SOX compliance and application controls activities, risk assessment, controls rationalization, and controls optimization processes.
- Coordinate and provide expert control guidance to management, control owners and others to ensure compliance with Sarbanes-Oxley (SOX) regulations and IT Control standards.
- Provide technical support in the assessment, design and implementation of ITGC requirements. Review new systems architecture and determine SOX scoping for ITGC and IT application controls.
- Work cross-functionally on all technology implementation projects to provide IT controls expertise and test controls to meet financials and information security requirements.
- Review control evidence for adherence to accuracy, completeness and precision of control execution for all ITGC. Review test findings, facilitate the remediation of ITGC control gaps, and escalate possible critical issues to senior management
- Guide the planning, scoping and execution of internal audits primarily in areas associated with technology and technology-related risks including reviews of new and enhanced products and supporting systems, process changes and system implementations.
- Partner with Internal Audit, Security, Privacy, Engineering, Quality teams to lead and manage and contribute to the technology audits, including supporting the design and development of audit programs.
- Work with management and users to interpret the significance of audit findings, conclude on findings, make practical recommendations, and verify that remediation plans are implemented.
- Identifies, quantifies, tracks, and leads mitigation of risks and control exceptions in collaboration with internal and 3rd party Risk program requirements and communicates results to department leadership. Supports and interprets information provided by Internal/External Audit for relevant compliance concerns.
- Assist in the development of Disaster Recovery and Business Continuity plans. Assist in the testing (planning and execution) of the DR/BCP.
- Lead training for staff, IT, and business personnel on topics such as SOX documentation, access controls, change management, segregation of duties, and SOC reporting
- Bachelor's degree in computer science or related technical field, or equivalent practical experiences in similar industries over 7+ years.
- Big 4 Public accounting IT audit experience and/or public company experience working with controls required. CPA, CIA, or CISA designation preferred
- Big 4 assurance or advisory services experience and/or public company experience working with controls preferred. CPA, CIA, or CISA designation preferred
- In-depth knowledge of Sarbanes-Oxley requirements, COSO Framework, PCAOB Auditing Standards and internal controls, and COBIT
- Experience with Oracle Fusion ERP expertise is essential, Fastpath SOX management software or similar tool desired
- Strong working knowledge of NIST, ISO 27001 or ISO 27018, SOC security and privacy principles and provide practical examples of their application across the technical domain.
- Experience in mapping and applying IT control & security frameworks such as SOC 1, SOC 2, NIST, ISO27001 or related IT compliant posture
- Strong knowledge and experience with developing IT Governance & Risk Controls processes and procedures and different IT-related frameworks and practices.
- Ability to apply fundamental Information Technology General Controls, concepts, practices, and procedures.
- Familiarity with security practices and methodologies, security controls, disaster recovery, and business continuity planning.
- Strong communicator (verbal and written) to work with various departments on implementing controls and SOX documentation as needed
- Able to prioritize and execute tasks in a high-pressure environment
The pay range is listed and actual compensation packages are based on a wide array of factors unique to each candidate, including but not limited to skill set, years & depth of experience, certifications and specific office location. This may differ in other locations due to cost of labor considerations.
San Carlos, CA
$192,500-$240,600 USD
OUR OPPORTUNITY
Natera™ is a global leader in cell-free DNA (cfDNA) testing, dedicated to oncology, women's health, and organ health. Our aim is to make personalized genetic testing and diagnostics part of the standard of care to protect health and enable earlier and more targeted interventions that lead to longer, healthier lives.
The Natera team consists of highly dedicated statisticians, geneticists, doctors, laboratory scientists, business professionals, software engineers and many other professionals from world-class institutions, who care deeply for our work and each other. When you join Natera, you'll work hard and grow quickly. Working alongside the elite of the industry, you'll be stretched and challenged, and take pride in being part of a company that is changing the landscape of genetic disease management.
WHAT WE OFFER
Competitive Benefits - Employee benefits include comprehensive medical, dental, vision, life and disability plans for eligible employees and their dependents. Additionally, Natera employees and their immediate families receive free testing in addition to fertility care benefits. Other benefits include pregnancy and baby bonding leave, 401k benefits, commuter benefits and much more. We also offer a generous employee referral program!
For more information, visit www.natera.com.
Natera is proud to be an Equal Opportunity Employer. We are committed to ensuring a diverse and inclusive workplace environment, and welcome people of different backgrounds, experiences, abilities and perspectives. Inclusive collaboration benefits our employees, our community and our patients, and is critical to our mission of changing the management of disease worldwide.
All qualified applicants are encouraged to apply, and will be considered without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, age, veteran status, disability or any other legally protected status. We also consider qualified applicants regardless of criminal histories, consistent with applicable laws.
If you are based in California, we encourage you to read this important information for California residents.
Link: https://www.natera.com/notice-of-data-collection-california-residents/
Please be advised that Natera will reach out to candidates with a @natera.com email domain ONLY. Email communications from all other domain names are not from Natera or its employees and are fraudulent. Natera does not request interviews via text messages and does not ask for personal information until a candidate has engaged with the company and has spoken to a recruiter and the hiring team. Natera takes cyber crimes seriously, and will collaborate with law enforcement authorities to prosecute any related cyber crimes.
For more information:
- BBB announcement on job scams
- FBI Cyber Crime resource page
