Company

Skiltrek

Address: Libertyville, IL
Form of work: Full-Time
Category: Information Technology

Job description

Skiltrek has an opening for a Sr. Risk Compliance Analyst to play a key role in developing our client's new IT controls program. The program includes IT General Controls and information protection controls. We are looking for a self-starter with experience designing and implementing new IT control expectations, developing controls documentation (e.g., policies, standards, guidelines, templates), and training control owners on control execution. This individual will also review compliance of new applications against applicable information protection controls. The Senior IT Controls and Risk Analyst will ensure controls are operating effectively after implementation, and remediation plans are developed and tracked to completion.
MAJOR RESPONSIBILITIES
* Define specific control expectations of technology owners related to information integrity, confidentiality, and availability.
* Develop standardized approaches, standards, and templates to support control owners in executing IT controls.
* Drive consistency in control execution across the IT organization.
* Provide formal and informal coaching and training to control owners on how best to operate and evidence control execution.
* Monitor implementation of control requirements for key applications and develop a program for monitoring adherence to control requirements on a periodic basis.
* Define and execute reviews to ensure new applications adhere to the defined control requirements during implementation.
* Evaluate potential third parties or solution designs for compliance with expected privacy and security controls; identify risks.
* Maintain a risk register to manage control non-compliance and remediation efforts.
* Centrally maintain documentation related to the IT controls program (e.g., Risk and Controls Matrix, IT process narratives, policies and procedures, evidence of control execution).
* Map defined controls set to applicable control frameworks (e.g., NIST CSF, Zero Trust Architecture, etc.) and identify additional controls to fill gaps.
* Identify opportunities to leverage controls automation and perform continuous monitoring.
* Apply change management methodologies to identify and manage anticipated resistance to change.
* Administer and configure tools, as needed, used in the execution of IT controls program activities (e.g., GRC tools, document repositories).
* Define and measure success metrics and monitor change progress (i.e. control owner adoption) against established program targets for reporting to leadership.
* Build trusted relationships with cross-functional IT and business partners (e.g., Internal Audit, Privacy, Compliance, etc.) to ensure alignment of controls program objectives and priorities across the organization.
* Promote a culture in which control owners recognize their responsibilities and the value in executing the expected IT controls.
MINIMUM REQUIREMENTS
o At least 4 years of professional experience in IT controls, information technology, risk management, information security, audit, privacy or related field.
o Experience specifically includes:
  o Defining and designing new IT controls expectations
  o Deploying new control expectations across a large enterprise
  o Testing the operating effectiveness of IT controls
  o Identifying IT control gaps, developing remediation plans, and tracking issues to resolution
o In-depth understanding of IT General Controls (i.e., Change management, Access, IT Operations) and application information protection controls (i.e., authentication, encryption, vulnerability management)
o Familiar with the NIST Cybersecurity Framework and other industry control frameworks
o Proven ability to effectively interact with and influence cross-functional teams and partners
o Experience creating training content and delivering training (e.g., live, recorded)
o Ability to maintain effective stakeholder relationships and promote internal controls and control awareness throughout the corporation
o Strong analytical, problem solving, and critical thinking skills, including the ability to anticipate issues and to design appropriate solutions
o Strong written and verbal skills, including a demonstrated ability to translate complex or technical information into concepts that are easily understood
o Detail and deadline oriented, and able to work with limited supervision
o Experience using and/or configuring GRC tools
o Experience with privacy regulations (e.g., HIPAA, CCPA, GDPR) and associated information handling controls
o Proficient with Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint, Visio)
DESIRED SKILLS
o CISA, CISSP, CIA, CPA, CRISC, CISM
Refer code: 7810671. Skiltrek - The previous day - 2024-01-15 16:02
