IT Risk & Compliance Job Description
IT Risk & Compliance Duties & Responsibilities
To write an effective IT risk & compliance job description, begin by listing detailed duties, responsibilities and expectations. We have included IT risk & compliance job description templates that you can modify and use.
Sample responsibilities for this position include:
IT Risk & Compliance Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for IT Risk & Compliance
List any licenses or certifications required by the position: CISA, CISSP, CISM, CRISC, PCI, CIA, SANS, ITIL, ISACA, CPA
Education for IT Risk & Compliance
Typically a job would require a certain level of education.
Employers hiring for the IT risk & compliance job most commonly prefer candidates with a relevant degree, such as a Bachelor's or Master's Degree in Computer Science, Business, Information Systems, Information Technology, Accounting, Education, Information Security, Management, Engineering, Technical
Skills for IT Risk & Compliance
Desired skills for IT risk & compliance include:
Desired experience for IT risk & compliance includes:
IT Risk & Compliance Examples
IT Risk & Compliance Job Description
- Assists and supports the Manager, Global IT Risk & Compliance, in driving the implementation and maintenance of frameworks that manage IT governance, security, and compliance objectives
- Perform as a project manager on various projects which support the governance, security and compliance work streams
- Determines quality standards and oversees the execution/production of project deliverables (including production implementations) and management documents
- Perform IT Risk Assessments by analyzing and assessing the current and future threat landscape, providing IT leadership with a realistic overview of risks and threats from an IT controls perspective
- Responsible for the IT Change and Problem Management process by ensuring all changes are recorded, linked to a problem or request, tied back to a component, and are risk assessed, categorized, prioritized, planned, documented, and reviewed in a controlled manner
- Document and assess IT internal controls over financial reporting as part of ongoing Sarbanes-Oxley (SOX) compliance effort
- Assessment of access management, authentication, and authorization
- Design efficient procedures and methodologies to test controls relevant to SOX
- Builds meaningful metrics to demonstrate continuous improvement in the audit process and in the efficacy of internal controls
- Design specific metrics to monitor control deficiencies and remediation accountabilities across all IT functional groups
- Progression towards applicable professional certifications desirable
- CISSP, CRISC, PMP, or other relevant certification preferred
- Familiarity with scanning tools such as Nessus, Metasploit, or similar preferred
- Proven ability to help clients achieve their Information Security goals required
- CISSP, CRISC, PMP, or other relevant certification required
- Bachelor’s degree in information technology, computer science, accounting, or other business/technology/analytical studies related area preferred
IT Risk & Compliance Job Description
- Will work with Laureate’s IT Executive Regional CIOs, local IT Management and Compliance teams to identify automation opportunities to streamline application and infrastructure controls across IT functional groups
- Transform SOX compliance into an operational practice for Laureate
- Lead IT Compliance due diligence programs for new acquisitions and develop plans as required based on gap analysis results and requirements
- Constantly on alert for potential areas of vulnerability or risk
- Raises awareness and ensures that all employees, regardless of where they are located in the world, respect the legal norms and the values and ethics of the company
- Responsible for leading, tracking, and monitoring IT risk remediation efforts globally
- Works with the Legal organization to ensure that Product Use Rights, license allowances, and contractual entitlements for software products and manufacturers are followed and understood by IT
- Reviews contract compliance, including process and document auditing of vendors for contract compliance
- Identifies contractual and regulatory compliance issues and maintains a close working relationship with ITAM and the legal team to develop and implement solutions
- Communicates and negotiates with internal clients to resolve issues and discrepancies effectively
- An understanding of external regulations and applicable laws, such as GxP/HAR – Part 11, PDMA
- Demonstrated ability to generate detailed risk & compliance metric reports in a timely manner
- Escalates non-compliance issues and risks to IT Security management
- Bachelor's degree in Information Systems, Computer Science, or related IT Audit & Control disciplines
- Experience in vendor risk management, operating system administration and security, network design and implementation, network and application security, and software architecture and development is preferred
- Helps ensure IT General Controls are considered throughout new system implementation projects and processes
IT Risk & Compliance Job Description
- Serve as subject matter expert to internal business and IT partners on range of compliance standards as influenced by global and local regulatory mandates
- Primary responsibility for IT compliance
- Responsible for security consulting on IT projects
- Develop security requirements for new development projects
- Work with Change Control process to ensure that security requirements are met before roll out to production
- Develop and oversee implementation of cloud security requirements for projects
- Ensure the effective execution of IT risk management to identify, assess, respond and manage risks
- Work with the Enterprise Risk Team, to facilitate Risk Assessments and maintain the IT Risk Profile and Risk Register
- Manage Risk mitigation measures including planning and controlling
- Facilitate the creation of monthly IT Risk reporting & metrics
- 10+ years' experience in the risk and compliance field, focusing on ensuring that the company complies with federal, state and industry regulations and standards
- Seven or more years of experience defining technical audit / review plans for internal supporting personnel
- Bachelor's degree in Computer Science, Information Systems, or related field with minimum 7 years professional experience required
- Bachelor's and Master's degree in Computer Science, Information Systems, or related field with 5+ years professional experience
- Experience in PCI, ISO, and SOX preferred
- Current CISA, CISSP, or CRISC preferred
IT Risk & Compliance Job Description
- Work with Control Owners through the design, deployment, and execution of automated & manual controls, including processes and procedures to achieve consistent, repeatable results mapped to the IT control framework
- Ensure timely submissions of control routines such as periodic reviews, self-certifications, and evidence collation & storage
- Manage an IT compliance issue management tracking and resolution process
- Coordinate and support internal & external audits, including timely audit remediation activity
- Deliver the Information Security awareness and training program
- Work with the project teams to ensure IT Security, Risk and Compliance considerations are completed as part of their project lifecycle, such as third party risk assessments and security requirements gathering
- Act in a consulting capacity to support the improvement of existing processes, procedures and standards in the area of information security, Risk and Compliance
- Hands-on delivery of projects and tasks from start to finish with a self-learner, self-starter attitude
- Provides SOX 404 subject matter expertise for all testing and remediation of IT SOX controls
- Provides subject matter expertise in matters relating to information security
- Experience with multiple compliance requirements
- Polished and precise communication
- Two or more security or vendor certifications (CISSP, Cisco, Checkpoint, SANS, ISACA, ISC2, VMware, McAfee, database certifications)
- Business level English preferred
- Leads organizational awareness of compliance, risk, security and privacy concepts and best practices
- Comprehensive understanding of the Company’s systems and processes, business objectives, key risks, and information technology policies
IT Risk & Compliance Job Description
- Knowledge of external factors, such as economic environment, regulatory compliance, and emerging risks, and their potential impact on the Company’s risk profile
- Perform project management duties related to planning, coordinating, and executing various project-related work
- Invest in the development of our people by building and managing effective teams, promoting teamwork, diversity, and positive morale
- Overall, pursue the continuous improvement of our tools, practices, methodology, and policies & procedures
- Exercise discretion in the review of records to ensure confidentiality of all matters that come to your attention
- Ensure third-party compliance
- Provide hands-on leadership, mentorship, direction and expertise to the Security and broader IT teams
- Champion proactive security awareness efforts for global organization
- Partner with IT Leadership to develop, implement and maintain information security policies
- Develop and execute short-term and long-term IT security, risk & compliance strategies for the department and manage roadmap / action plans
- Bachelor’s Degree in Computer Information Systems, Computer Science, Management Information Systems, Business, Accounting, or Finance
- Bachelor’s degree in Accounting, Business Administration, Computer Science, Management Information Systems or related curriculum required
- A minimum of 5+ years of related experience, including at least 3 years of project management or compliance activities
- Experience managing multiple projects and competing priorities
- Proven ability to effectively lead diverse teams
- Big Four IT audit and/or eDiscovery experience