Randstad

it manager, audit

Randstad, Denver, Colorado, United States, 80285



posted august 16, 2024

job details

summary

$65 - $75 per hour

temp to perm

bachelor degree

category computer and mathematical occupations

reference 1062390

job summary:

POSITION SUMMARY

The Compliance Manager, IT Governance, Risk & Compliance will be responsible for ensuring compliance with legal and regulatory requirements, including but not limited to Sarbanes-Oxley, HITRUST, and HIPAA. This position will document processes and gather evidence to support the accurate and timely execution of IT General Controls (ITGCs) for all technology-related functions. This includes managing timelines for the completion of audit activities and the related remediation, tracked through POAMs (plans of action and milestones). The role requires the ability to organize, manage, and follow up on a large volume of assigned activities across multiple teams, effective communication across the organization, and collaboration with leadership and staff in the compliance, audit, and IT organizations.

ESSENTIAL FUNCTIONS

Audit

IT Control Execution

Creation, implementation, and management of desktop policies, processes, and procedures to support internal and external audit control testing, including but not limited to HIPAA, SOX, HITRUST, and ISO 27000.

Design and document internal control processes

Gather evidence related to IT General Controls

Analyze and improve processes related to ITGC testing to implement, measure and enforce IT Policy

IT GRC System - Design, implement, and optimize the system to monitor, assign and gather evidence for IT control execution

Provide reporting on control compliance to align with audit deadlines

Coordinate with other departmental managers to execute controls and review audit related findings

Internal Audit PBC - Responsible for all IT aspects of data collection for internal audit's PBC (prepared-by-client) requests, working with internal teams to produce accurate data and ensuring a full and comprehensive PBC

IT Control Testing & Control Health - Responsible for the timely completion of IT controls on pre-defined intervals (including ad hoc, daily, weekly, monthly, quarterly, and yearly), ensures the health of all IT controls, and manages corrective action plans needed to address any control gaps, weaknesses, or failures

Customer Audits - Ensures all customer compliance commitments are met at all times, and supports all interactions with customer audits of our Program

Industry Audits - Supports all SOC 2, HITRUST, ISO 27000, etc. engagements & audits

Training - Conduct training and knowledge transfer on the execution of audit-related controls for end users and management

Compliance

Regulatory Compliance - Lead the team in gathering evidence of the timely and accurate completion of controls for HIPAA, SOX, and ISO 27000 compliance

Remediation - Document, track and validate completion of remediation activities driven from findings and documented opportunities for improvement

Customer Compliance - Tracks key customer compliance requirements & performs customer compliance activities, such as periodically updating specific customers on specific security and compliance program performance items per a given customer's request, to ensure always-on compliance with our customer requirements

IT General Controls - Document process and procedure to ensure consistent timely completion of all control activities

Governance

Policy Development - Assess and maintain Security Policy to align with a globally-accepted best practice framework, such as NIST 800-53 or ISO 27000

Training - Ensures IT staff are adequately trained to understand the risks & controls for which they are responsible

Reporting - Periodically reports metrics related to IT compliance management activities

OKRs & KPIs - Develops, monitors, regularly reports, and ensures adherence to OKRs & KPIs for IT risk management

Risk Management

Vulnerability Management - Documents and enhances processes to identify, prioritize, and validate completion of remediation activities related to vulnerabilities

Patching - Documents and enhances processes to prioritize, remediate and validate patches for operating systems, applications, and hardware in the enterprise

Risk Management - Assist in the development & management of all IT POAMs

3rd Party Assessment Program - Documents and enhances processes to assess Third Party vendors for risk, security posture, and alignment with IT Security Policies

Security Awareness - Measure and quantify risk to prioritize security awareness communications and training

Leadership

Select, hire, and train Compliance Analysts

Coordinate daily, weekly, monthly activities to optimize resources

Drive accountability for completion of tasks on a timely basis

Provide feedback and career growth opportunities for members of the team

POSITION QUALIFICATIONS

Competency Statement(s)

Collaboration - Outstanding team player, sociable, and able to operate easily in cross-functional and cross-departmental roles

Project Management - Can assist in completing project related deliverables in a thorough and timely manner

Adaptability - Must be able to react to shifting priorities and multitask

Analytical Skills - ability to use thinking and reasoning to solve a problem

Communication, Oral - Excellent ability to communicate effectively with others using the spoken word

Communication, Written - Excellent ability to communicate in writing, clearly and concisely

Customer Oriented - Excellent ability to address the customers' needs while following company procedures

Decision Making - Ability to make critical decisions while following company procedures

Detail Orientation - Thorough, accurate, organized and productive

Interpersonal - Ability to get along well with a variety of personalities and individuals

Organized - Arranges tasks and activities in a structured, systematic way

Problem Solving - Excellent ability to find a solution for or to deal proactively with work-related problems

Relationship Building - Ability to effectively build relationships with customers and co-workers

Working Under Pressure - Driven ability to complete assigned tasks under stressful situations

Flexibility - Sets priorities and adapts to changes in a quick, professional manner

Thoroughness - Research, evaluate, recommend, and document IT GRC solutions

Pragmatic Strategy - Understands & embraces a balance between security risk probability and practical application of remediation, and is outcome-oriented above all else

Education / Experience

Bachelor's Degree in Computer Science, Computer Engineering, or Information Security / Cyber Security, or equivalent combination of education, training, and experience

ISC2 CISSP certification preferred

ITIL & GIAC or audit related (CISA/CIA/ISO Lead Auditor) certificates a plus

Minimum 3 years of experience in a full-time Information Security compliance role

Skills

Risk Management - Deep expertise in identifying, documenting, and managing qualitative risk. Expertise in quantitative risk, particularly in the FAIR model, is a significant plus.

Audit Management - Understanding of standard audit processes and methods, their goals, motivations, and desired outcomes, and the organizational skills to ensure timelines are met.

Compliance - Expertise in regulatory requirements and industry standards such as HIPAA, HITRUST, SOX, SOC, NIST CSF, NIST 800-53, ISO 27000.

Governance - Can build and maintain easy to understand, easy to follow, and easy to audit policies, procedures, controls, narratives, and other common components of an enterprise IT GRC program.

location: DENVER, Colorado

job type: Contract

salary: $65 - $75 per hour

work hours: 8am to 5pm

education: Bachelors

qualifications:

Experience level: Manager

Minimum 10 years of experience

Education: Bachelors (required)

skills:

Manager

Risk Management

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.

At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact HRsupport@randstadusa.com.

Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including health, an incentive and recognition program, and 401K contribution (all benefits are based on eligibility).

This posting is open for thirty (30) days.