Responsible for key aspects of the IT Division’s compliance to the Sarbanes-Oxley act (SOX) and other laws and regulations governing the corporation. Emphasis will be on planning, supervising and executing compliance testing, controls assessment and documentation across all domains for Sarbanes-Oxley, Payment Card Industry (PCI), Data Privacy, and other compliance requirements as needed. The individual will work with the IT management team to evaluate the design and effectiveness of the control environment, both operational and technical, develop trending for remediation efforts and overall compliance with operational standards, and build compliance programs including detailed exception reporting and complex configuration monitoring requirements. This person will participate in pre-implementation reviews of new systems to ensure that there are proper controls over the development phase to meet compliance and best practice standards.
Responsible for monitoring internal compliance against information security policies and standards by conducting data privacy due diligence assessments, internal control reviews and risk assessments. They will maintain awareness of external regulations for new or changed requirements within IT and identify industry standards from which base core IT processes (e.g. ITIL, NIST, etc.) This position represents the company’s interest with external and internal auditors and 3rd party service providers.
Leads internal and external audits within IT, as well as periodic assessments to address specific risks. Prepares audit summaries and review audit results with senior IT management providing observations, recommendations and conclusions as well as assist in identifying and communicating control gaps and evaluating management remediation action plans and related reporting. In addition, provides accurate, timely oral and written communications to IT and impacted management to discuss identified deficiencies, best practices and recommendations for implementation of modifications to improve compliance and mitigate risk.
Requirements:
Knowledge of the retail regulatory environment, SOX 404, experience with various technologies, including networks, platforms, and applications. Risk assessment and familiarity with tools and techniques used to provide control and monitoring mechanisms. Solid knowledge of IT audit methodologies and control frameworks.
Bachelor's degree in Business, with solid IT audit or compliance experience, or Computer Science, with solid business and IT Audit/Compliance experience desired. 4 yrs+ IT Audit, Compliance, or Technology experience. Helpful to have knowledge or PCI standards, HIPAA, ISO17799.
