Job Description
Establish and oversee a formal risk analysis and self-assessment program for various IT
systems and processes.
Receive and manage compliance issues through investigation, consultation with appropriate
owners, and a resolution or mitigation strategy.
Promote and monitor our corporate-wide IT risk awareness program. Coach, lead, develop,
and train team members and external partners as necessary.
Help ensure compliance with HIPAA, PCI, HITRUST, SOX and SOC (etc.) for
Business Units. Work with business units to ensure data and applications are properly
classified. Work with Internal Audit, General Counsel and Business Units to remediate new
and outstanding issues.
Create / onboard a GRC system (ServiceNow). Track related issues in the electronic GRC
system. Create / run ad hoc reports, metrics and issue log.
Escalate issues and/or reporting to audit and compliance stakeholders for internal or external
audit actions. Coordinate resolution of audit action points and remediation.
Skills and Requirements
Education equivalent to a Bachelor's Degree in Information Technology or the equivalent in
related experience; an M.B.A. or M.S. in Information Security is preferred
3-5 years of experience in a fast-paced IT professional role
Completion of courses in Audit and/or IT Audit is a plus
Experience with risk analysis tools, technologies and policies and understanding of business
impact
Strong leadership abilities, with the capability to develop and guide IT team members and
operations personnel, and work with minimal supervision
Experience working with legal, audit and compliance staff
Experience developing and maintaining policies, procedures, standards and guidelines
Experience with information security management frameworks, such as International
Standards Organization (ISO) 2700x, NIST, the IT Infrastructure Library (ITIL) and Control
Objectives for Information and Related Technology (COBIT) frameworks
Proficiency in performing risk, business impact, control and vulnerability assessments, and in
defining treatment strategies
Strong analytical skills to analyze security requirements and relate them to appropriate
security controls
Project Management Professional (PMP), CISA or Audit training/certification an asset
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal employment opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment without regard to race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to [email protected].