IT Risk & Compliance Job Description
IT risk & compliance
provides PCI DSS, SOX, and governance expertise and consulting to the IT organization, business, and IT projects.
IT Risk & Compliance Duties & Responsibilities
To write an effective IT risk & compliance job description, begin by listing detailed duties, responsibilities and expectations. We have included IT risk & compliance job description templates that you can modify and use.
Sample responsibilities for this position include:
Support roll out of new COSO methodology, taking lead on IT aspects of project plan
Help to achieve our governance and risk management objectives
*IT Audit & Compliance Analyst CISA SSAE16 EU Safe Harbor PCI SOX CISSP CCSK CIPP ISC2 CSSP GSEC CyberSecurity Netdocuments iManage Office365 Sharepoint Risk Management Vendor Management COBIT CIS Baselines NIST vendor security***
Develop and implement the sustainable security compliance program, which includes all legal, privacy and regulatory requirements and conducts assessments to identify non-compliance
Work with engineering leads and architects to develop tools and processes to review and report on compliance for security and privacy
Inform management of IT risk issues and practices that may affect the firm
Investigate security breaches and abuse of the IT Security policies and procedures, including those of a sensitive and confidential nature
As a Senior Manager in the IS organization, acts as an end-to-end expert in managing IT-related compliance initiatives
Assist in the maintenance and preparation of clear, detailed and accurate compliance documentation, including process narratives, flow charts, control descriptions, risk control matrices, test programs, test results, and management responses and remediation
Drive consensus on measurable gains in IT compliance and information security practice maturity and measure progress towards them
IT Risk & Compliance Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for IT Risk & Compliance
List any licenses or certifications required by the position: CISA, CISSP, CISM, CRISC, PCI, CIA, SANS, ITIL, ISACA, CPA
Education for IT Risk & Compliance
Typically a job would require a certain level of education.
Employers hiring for the IT risk & compliance job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Business, Information Systems, Information Technology, Accounting, Education, Information Security, Management, Engineering, Technical
Skills for IT Risk & Compliance
Desired skills for IT risk & compliance include:
IT organization patterns
ITIL
Trends and technologies
Governance
IT policies
NIST
COSO
Compliance assessment
Internet
PCI-DSS
Desired experience for IT risk & compliance includes:
Assess new system and process impacts against compliance controls, and perform spot reviews of select processes/control issues
Provide regular business view updates of the state of compliance and security for senior leadership and external stakeholders
Maintain the deficiency dashboard and monitor remediation status
Prepare quarterly results decks
Evaluate and document specific compliance issues where a “deeper dive” is needed as requested by the Internal Auditor, External Auditor of Controller
Review and maintain Segregation of Duties (SOD) in applicable systems and environments
IT Risk & Compliance Examples
1
IT Risk & Compliance Job Description
Job Description Example
Our company is growing rapidly and is hiring for an IT risk & compliance. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for IT risk & compliance
- Assists and supports Manager, Global IT Risk & Compliance, in driving and maintaining the implementation and maintenance of frameworks that manages IT governance, security, and compliance objectives
- Perform as a project manager on various projects which support the governance, security and compliance work streams
- Determines quality standards and oversees the execution/production of project deliverables (including production implementations) and management documents
- Perform IT Risk Assessments by analyzing and assessing the current and future threat landscape, providing IT leadership, with a realistic overview of risks and threats from an IT controls perspective
- Responsible for the IT Change and Problem Management process by ensuring all changes are recorded, linked to a problem or request, tied back to a component, and are risk assessed, categorized, prioritized, planned, documented, and reviewed in a controlled manner
- Document and assess IT internal controls over financial reporting as part of ongoing Sarbanes-Oxley (SOX) compliance effort
- Assessment of access management, authentication, authorization
- Design efficient procedures and methodologies to test controls relevant to SOX
- Builds meaningful metrics to demonstrate continuous improvement in the audit process and in the efficacy of internal controls
- Design specific metrics to monitor control deficiencies and remediation accountabilities across all IT functional groups
Qualifications for IT risk & compliance
- Progression towards applicable professional certifications desirable
- CISSP, CRISC, PMP, or other relevant certification preferred
- Familiarity with scanning tools such as NESSUS, Metasploit, or similar preferred
- Proven ability to help clients achieve their Information Security goals required
- CISSP, CRISC, PMP, or other relevant certification required
- Bachelor’s degree in information technology, computer science, accounting, or other business/technology/analytical studies related area preferred
2
IT Risk & Compliance Job Description
Job Description Example
Our company is growing rapidly and is looking for an IT risk & compliance. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for IT risk & compliance
- Will work with Laureate’s IT Executive Regional CIOs, local IT Management and Compliance teams to identify automation opportunities to streamline application and infrastructure controls across IT functional groups
- Transform SOX compliance into an operational practice for Laureate
- Lead IT Compliance due diligence programs for new acquisitions and develop plans as required based on GAP analysis results and requirements
- Constantly on alert for potential areas of vulnerability or risk
- Raises awareness and ensure that all employees, regardless of where they are located in the world respect the legal norms the values and ethics of the company
- Responsible for leading, tracking, and monitoring IT risk remediation efforts globally
- Works with the Legal organization to ensure that Product Use Rights, license allowances, and contractual entitlements for software products and manufacturers are followed and understood by IT
- Reviews contract compliance, including process and document auditing of vendors for contract compliance
- Identifies contractual and regulatory compliance issues and maintain close working relationship with ITAM and the legal team to develop and implement solutions
- Communicates and negotiates with internal clients to resolve issues and discrepancies effectively
Qualifications for IT risk & compliance
- An understanding of external regulations and applicable laws, such as, GxP/HAR – Part 11, PDMA
- Demonstrated ability to generate detailed risk & compliance metric reports timely
- Escalates non-compliance issues and risks to IT Security management
- Bachelors degree Information Systems, Computer Science or related IT Audit & Control disciplines
- Experience in vendor risk management, operating system administration and security, network design and implementation, network and application security, and software architecture and development is preferred
- Helps ensure IT General Controls are considered throughout new system implementation projects and processes
3
IT Risk & Compliance Job Description
Job Description Example
Our company is searching for experienced candidates for the position of IT risk & compliance. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for IT risk & compliance
- Serve as subject matter expert to internal business and IT partners on range of compliance standards as influenced by global and local regulatory mandates
- Primary responsibility for IT compliance
- Responsible for security consulting on IT projects
- Develop security requirements for new development projects
- Work with Change Control process to ensure that security requirements are met before roll out to production
- Develop and oversee implementation of cloud security requirements for projects
- Ensure the effective execution of IT risk management to identify, assess, respond and manage risks
- Work with the Enterprise Risk Team, to facilitate Risk Assessments and maintain the IT Risk Profile and Risk Register
- Manage Risk mitigation measures including planning and controlling
- Facilitate the creation of monthly IT Risk reporting & metrics
Qualifications for IT risk & compliance
- 10+ years experience in the risk and compliance field focusing on ensuring that the company complies with federal, state and industry regulations and standards
- Seven or more years of experience defining technical audit / review plans for internal supporting personnel
- Bachelors degree in Computer Science, Information Systems, or related field with minimum 7 years professional experience required
- Bachelor and Master’s degree in Computer Science, Information Systems, or related field with 5+ years professional experience
- Experience in PCI, ISO, and SOX - preferred
- Current CISA, CISSP, or CRISC preferred
4
IT Risk & Compliance Job Description
Job Description Example
Our company is growing rapidly and is looking for an IT risk & compliance. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for IT risk & compliance
- Work with Control Owners through the design, deployment, and execution of automated & manual controls, including processes and procedures to achieve consistent, repeatable results mapped to the IT control framework
- Ensure timely submissions of control routines such as, periodic reviews, self-certifications and evidence collation & storage
- Manage an IT compliance issue management tracking and resolution process
- Coordinate and support internal & external audits, including timely audit remediation activity
- Deliver the Information Security awareness and training program
- Work with the project teams to ensure IT Security, Risk and Compliance considerations are completed as part of their project lifecycle, such as third party risk assessments and security requirements gathering
- Act in a consulting capacity to support the improvement of existing processes, procedures and standards in the area of information security, Risk and Compliance
- Hands-on delivery of projects and tasks from start to finish with a self-learner, self-starter attitude
- Provides SOX 404 subject matter expertise for all testing and remediation of IT SOX controls
- Provides subject matter expertise in matters relating to information security
Qualifications for IT risk & compliance
- Experience with multiple compliance requirements
- Polished and precise communication
- Two or more security or vendor certifications CISSP, Cisco, Checkpoint, SANS, ISACA, ISC2, VMWare, McAfee, database certifications
- Business level English preferred
- Leads organizational awareness of compliance, risk, security and privacy concepts and best practices
- Comprehensive understanding of the Company’s systems and processes, business objectives, key risks, and information technology policies
5
IT Risk & Compliance Job Description
Job Description Example
Our growing company is looking for an IT risk & compliance. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for IT risk & compliance
- Knowledge of external factors, such as economic environment, regulatory compliance, and emerging risks, and their potential impact on the Company’s risk profile
- Perform project management duties related to planning, coordinating, execution of various project related work
- Invest in the development of our people by building and managing effective teams, promoting teamwork, diversity, and positive morale
- Overall, pursue the continuous improvement of our tools, practices, methodology, and policies & procedures
- Exercise discretion in the review of records to ensure confidentiality of all matters that come to your attention
- Ensure 3rd party compliance
- Provide hands-on leadership, mentorship, direction and expertise to the Security and broader IT teams
- Champion proactive security awareness efforts for global organization
- Partner with IT Leadership to develop, implement and maintain information security policies
- Develop and execute short-term and long-term IT security, risk & compliance strategies for the department and manage roadmap / action plans
Qualifications for IT risk & compliance
- Bachelor’s Degree in Computer Information Systems, Computer Science, Management Information Systems, Business, Accounting, or Finance
- Bachelor’s degree in Accounting, Business Administration, Computer Science, Management Information Systems or related curriculum required
- Experience to include a minimum of 5+ years of related experience, including at least 3 years of project management or compliance activities
- Experience managing multiple projects and competing priorities
- Proven ability to effectively lead diverse teams
- Big four IT audit and / or eDiscovery experience