Manager Risk, Internal Audit, and Cybersecurity
We are searching for a self-motivated individual who is skilled in system IT audit, information technology (IT) compliance reviews, IT internal controls, and system business processes. The individual displays strong communication and leadership skills and can successfully handle multiple tasks in a challenging and rapidly changing IT systems and financial reporting environment. The individual must possess strong analytical and critical thinking skills, and must demonstrate the ability to work independently with little supervision and communicate effectively with peers, superiors, and the client to support financial management system initiatives.
- Support clients with Sarbanes-Oxley (SOX), HIPAA, ISO, GDPR/CCPA or other regulatory/framework compliance and audit readiness efforts.
- Participate in project-focused work regarding identity and access management, change management, business continuity and disaster recovery, and operations controls.
- Advise on maintaining a risk/control framework that accurately reflects the IT control environment and alignment to the Information Security Policy and standards.
- Analyze systems and applications to test related processes.
- Assist process owners and control owners in the preparation and ongoing maintenance of control and process documentation (policies, procedures, narratives, control descriptions, and test plans).
- Use risk assessment methodologies to identify residual risk and control strengthening opportunities.
- Assist process owners and control owners in identifying gaps in control design and control operating effectiveness of IT general controls and related remediation measures.
- Assist in identifying opportunities for using automated computer-assisted audit techniques as necessary to reduce resource impact.
- Maintain an awareness of existing and proposed security standard-setting groups and of State and Federal legislation and regulations pertaining to information security; identify regulatory changes that will affect information security policy, standards, procedures, and controls; and recommend appropriate changes.
- Serve as a primary liaison to the client.
- Bachelor's Degree in Information Systems, Computer Science, or a related discipline and typically 4–10 years of experience focused on information systems audit or an equivalent breadth of experience in information security, systems, and network technology.
- Competency in the areas of IT general computer controls specifically in information security, logical access, physical security, change management, application controls, interfaces, backup and recovery, and computer operations.
- Working knowledge of IT auditing and compliance practices.
- Able to independently evaluate the effectiveness of controls to prevent errors in financial reporting.
- Working knowledge of Sarbanes-Oxley (SOX); knowledge of PCI and Data Privacy & Protection regulations is also desired (GDPR, CCPA, HIPAA, SOC 1, SOC 2).
- Preferred certifications obtained or being pursued: Certified Information Systems Auditor (CISA), Certified in Risk and Information System Controls (CRISC), Certified Information Security Professional (CISSP), Certified Public Accountant (CPA) and/or Certified Internal Auditor (CIA).
- Big 4 public accounting or consulting experience is a plus.
- General knowledge of Governance, Risk, Compliance (GRC) tool sets.
- Understanding of the SSAE18 (SOC 1) auditing standard.
- Excellent communication and presentation skills.
- Strong process documentation and reporting capabilities.
- Self-motivated and self-directed.
- Strong cross-functional team participant and collaborative approach to problem solving.
- Competitive salary and quarterly bonuses
- Medical/Dental/Vision benefits
- Excellent 401K employer match