RIT Solutions, Inc.

IT Manager - Controls & Risk Management

RIT Solutions, Inc., San Francisco, California, United States, 94199


Title: IT Manager - Controls & Risk Management
Location: Westborough, Massachusetts
Duration: 6-12+ Months

MUST HAVE: GOOD WORK HISTORY

MetroWest / Hybrid: Tuesday, Wednesday and Thursday

Our client is a leading publicly traded technology operator. They are recruiting a Manager of Controls and Risk Management to bolster their Information Security group. This team supports the control framework globally (ISO 27001/27002, Sarbanes-Oxley and Payment Card Industry compliance, to name a few) and enhances the information security and risk management program.

Scope of Role:
- Manage the IT control framework globally and drive the design and implementation of SOX controls.
- Conduct and monitor third-party system certifications and conduct security and privacy impact assessments for existing and new initiatives across the Company.
- Implement/update GRC tools within the department to further the visibility of controls and the access review process, resulting in more efficient processes throughout the Company.
- Perform issue analysis and risk mitigation procedures in coordination with management.
- Provide guidance and coaching to control owners globally on audit methodology and evidence requirements, improving the audit experience for internal and external auditors.
- Oversee access reviews, SOC I/II reviews, and security policies.
- Run various trainings promoting awareness of cybersecurity, governance, risk, and compliance.

Qualifications
- Bachelor's degree in Information Systems, Accounting or Computer Science, or equivalent work experience required.
- 5 plus years of IT, information security, or IT audit experience required.
- Experience with IT general controls, information security, and privacy regulations strongly preferred.
- Experience developing, documenting, and maintaining security and/or privacy frameworks, standards, and controls preferred.
- Knowledge of risk management and assessment methods and technologies and/or audit experience required.
- Knowledge of Sarbanes-Oxley required.
- Knowledge of Information Security Standards (e.g., ISO 27001/27002, NIST) and Data Privacy Compliance Regulations (e.g., GDPR, CCPA, HIPAA, etc.) preferred.

Why is This a Great Opportunity
This opportunity will be attractive to an information technology professional who enjoys leveraging their technical skills to deal with the challenging and changing risk and control issues faced by a complex organization. You may be a strong performer in a consulting firm and/or currently in another organization looking for a new challenge. Prior experience in a large complex organization is a must.