$120000.00 to $130000.00 yearly
Position: IT Compliance Manager
The role will manage and execute risk management functions and security project management, promote organizational security awareness functions, and assist the Senior Manager of Global Information Security Risk and Compliance in policy development. In this role, the manager will also ensure the organization complies with statutory and regulatory requirements and standards regarding information storage, access, security and privacy. The ideal candidate will have a track record of success in the information security field and possess a solid understanding of information security methodologies, as well as regulatory and compliance requirements as they relate to all lines of business and across all functional areas within our organizations.
- Function as point of contact and subject matter expert relating to IT Governance & regulatory compliance.
- Drive the identification, implementation, and improvement of the organizational privacy strategy, framework, and standards globally.
- Develop and implement processes to identify and address evolving privacy risks inherent in the organization’s operations, and in the development of new products, services and technologies
- Define, enable and manage processes for data subject/individual rights and requests, and ongoing tracking and monitoring of such processes and requests.
- Provide “privacy by design” counseling to cross-functional teams for new products and initiatives
- Define and maintain privacy related management information to assist with reporting and demonstrating accountability to relevant stakeholders
- Maintain and report on security controls required by NIST, HIPAA-HITRUST, GDPR, PCI, SSAE-18 Type 1 SOC 2, ISO 27001 & SOX and other regulatory requirements and security and privacy compliance frameworks
- Execute risk assessment and continuous compliance monitoring (auditing) of IT controls
- Coordinate IT participation in and follow-up on internal and external audits
- Assist in managing the planning, designing, writing, and finalization of policies, control framework and procedures to comply with NIST guidelines.
- Monitor remediation activity and verify control effectiveness for identified weaknesses
- Coordinate IT SMEs and documentation in preparation for customer or other authority audits
- Perform assessments of third-party service providers, including cloud services, for adherence to best practices or known frameworks like NIST, etc.
- Prepare and distribute reports to IT staff and management
- Provide consultation to IT staff in interpretation of audit observations and formulation of corrective action plans
- Oversee documentation, reporting, and closure of compliance or quality issues
- Provide interpretation and consultation to staff and project teams on regulations, guidelines, compliance status, and policies and procedures.
- Other duties as assigned
- 3-7 years' experience in privacy regulations (e.g. GDPR, HIPAA, CCPA, PIPEDA, etc.) and demonstrable experience in the interpretation of and compliance with such regulations in a complex business environment.
- 3-7 years' experience in IT or Audit, including specialization in IT Security and/or a combination of IT Compliance, IT Audit, and Information Security
- Five (5) years’ experience managing IT Compliance programs and monitoring, with specific emphasis on NIST/ ISO/ HIPAA/PCI/ SSAE-18 related requirements.
- Subject matter expertise with security and compliance lifecycles and industry frameworks, standards, and guidelines (NIST, FISMA, ISO, COBIT, ITIL)
- Experience and expertise in the development, execution, and maintenance of HITRUST compliance or equivalent HIPAA experience.
- Bachelor’s degree in Computer/Information Science (or related BS degree).
- Must be able to build and leverage internal and external relationships, facilitate decisions and results at all levels of the enterprise, and drive strategies and projects to solution.
- Be able to manage a wide range of compliance issues relating to information security; coordinate remediation efforts throughout the enterprise; analyze risks and implement mitigation actions.
- Demonstrated analytical and problem-solving skills applied to both technical and business challenges.
- Knowledge of applicable practices and laws relating to data privacy and protection.
- Knowledge of basic software programming paradigms and best practices inclusive of, but not limited to, Privacy by Design and OWASP.
- General knowledge of hardware systems and architectures, both traditional data center and public-cloud.
- SDLC operational lifecycle familiarity
- Ability to relate regulatory or framework requirements to multiple parties including engineering staff of both hardware and software.
- Project management experience.
- Experience in strategic planning, budgeting, consulting, and general industry experience.
- Proficient ability to react to high-pressure, dynamically changing environments.
- Proficient ability to effectively utilize resources throughout the organization as well as external vendors.
- Demonstrated effective leadership and communication skills.
- Experience working in a team-oriented, collaborative environment.
- Demonstrated results orientation, initiative, attention to detail, and customer service orientation.
- Excellent written, verbal and presentation communication skills
- Obtained or demonstrates an active pursuit of one or more of the following certifications: CISM, CISA, CGEIT, CRISC certifications, Project Management Professional (PMP) or other related certifications.
- 3-5 years' Project Management experience, to include participation in life cycle project implementations (from scoping/planning, requirements gathering, design, development, testing, launch and support).
Technology doesn't change the world. People do.
As a technology staffing firm, we can't think of a more fitting mantra. We're extreme believers in technology and the incredible things it can do. But we know that behind every smart piece of software, every powerful processor, and every brilliant line of code is an even more brilliant person.
Leader among IT staffing agencies
The intersection of technology and people — it's where we live. Backed by more than 65 years of experience, Robert Half Technology is a leader among IT staffing agencies. Whether you're looking to hire experienced technology talent or find the best technology jobs, we are your IT expert to call.
We understand not only the art of matching people, but also the science of technology. We use a proprietary matching tool that helps our staffing professionals connect just the right person to just the right job. And our network of industry connections and strategic partners remains unmatched.
Apply for this job now or contact our branch office at 888-490-4429 to learn more about this position.
All applicants applying for U.S. job openings must be authorized to work in the United States. All applicants applying for Canadian job openings must be authorized to work in Canada.
© 2019 Robert Half Technology. An Equal Opportunity Employer M/F/Disability/Veterans.
Engineering, Information Technology, Design