Title: Lead IT Controls and Compliance
Position: Lead IT Controls and Compliance
Location: Rochester, NY
Green Card and US Citizens only!
The Information Technology Controls and Compliance (ITCC) practice is an important function within IT that promotes accountability, improves oversight and ensures monitoring of IT controls, including the Sarbanes-Oxley Act (SOX), service auditor reports (SOC1 and SOC2) and large group audits.
The lead position will support the implementation and ongoing maintenance of IT controls and compliance. The position is responsible for consulting on control design, monitoring control performance, facilitating user access reviews, reporting IT risks and helping to provide remediation governance. Other responsibilities may include support of compliance projects, such as SailPoint IIQ, Archer GRC, Public Cloud projects, Compliance Analytics and Robotic Process Automation.
• Serve as primary liaison between internal and external auditing bodies such as IT management, Compliance and Business Stakeholders.
• Conduct assessments of IT risks and controls
• Monitor and evaluate controls for effectiveness and efficiency to mitigate areas of risk
• Support scheduled audits (HIPAA, SOX, SOC1, and various State Department of Insurance audits) with facilitation of evidence requests, walk-throughs, remediation and management responses.
• Coordinate appropriate measurement efforts for process improvement
• Lead remediation governance meetings with senior leaders
• Support projects as subject matter expert to ensure controls and compliance requirements are met.
• Bachelor's degree in IT, MIS, Accounting, Finance, Business Administration, related field or equivalent experience.
• 7+ years of combined IT and operational auditing and control experience, including systems design or implementation experience.
• Experience in control design, development, automation, and assessment in IT systems, processes, and new implementations.
• Experience in coordinating and planning IT audits.
• Experience with specialized tools, including Oracle, MS SQL Server, MS Project and MS Office applications.
• Experience in managing complex, cross-organizational technical programs.
• Knowledge and understanding of various IT disciplines (e.g. software development, operations, infrastructure and information security).
• Experience with HIPAA (Health Insurance Portability and Accountability Act), SOX (Sarbanes-Oxley), SSAE 16 (Statement on Standards for Attestation Engagements), ISO 27000, ITIL (Information Technology Infrastructure Library) or NIST (National Institute of Standards and Technology).
• Licenses/Certifications: CISA, CISSP, MS SQL Server, CPA, or CIA preferred. Project Management Professional (PMP) preferred.
• Prior experience in conducting IT control assessments or audits; Sarbanes-Oxley (SOX) or Service Organization Control (SOC 2) experience preferred.
• Demonstrated experience with and understanding of security principles, IT security controls, and related technologies and products.