Posted: 1 month ago
Work from Office
Full Time
The GRC Compliance Manager responsibilities include:

- Evaluate, interpret, and ensure clarity of contractual audit and compliance program obligations and client objectives.
- Implement and drive a GRC approach that promotes ongoing audit readiness and contributes to effective IT security hygiene and risk management across the supported control environment.
- Lead engagement with key stakeholders to address security and compliance posture issues.
- Contribute to Continuous Improvement, including GRC tool support and related Compliance initiatives, as determined.

Audit & Compliance Support

- Participate in controls monitoring & testing for quarterly and annual audit/assessment cycles.
- Perform as Compliance subject matter expert and gatekeeper to ensure audit evidencing is collected and thoroughly reviewed prior to submission to an audit or assessment.
- Drive the management of audit evidence, ensuring control owner adherence to regulatory requirements for internal and external inspection: SOX, PCI, GDPR, CCPA, and other frameworks.
- Coordinate the collection of audit evidence and provide timely responses to support audits and/or assessments from internal/external auditors/assessors.
- Work with technology teams and internal and external support staff to:
  - Communicate and clarify audit evidence and/or compliance requirements
  - Facilitate internal and external meetings
  - Socialize audit schedules and manage timelines and due dates
  - Align understanding and/or improve policy, process, procedure documentation
  - Track, socialize, maintain, and report on audit program requirements
- Serve as a liaison between internal/external auditors and control owners during audits.
- Prepare and provide necessary documentation and evidence to auditors, ensuring accurate and timely response to audit requests.
- Drive Control Owner preparedness training ahead of audit walkthroughs, as required.
- Coordinate and/or facilitate audit walkthroughs related to IT processes and controls.
- Assist control owners in planning appropriate responses to identified control deficiencies.
- Prevent scope creep and unwarranted audit findings.
- Drive documentation of a formal management response to audit report findings.
- Drive remediation plan development/approval and monitor readiness for control validation and closure of findings.
- Maintain knowledge of security infrastructure/cloud systems, tools, technologies, and processes to enable understanding and communication regarding risk impacts within the control environment (e.g., dataflow/systems architecture, IAM, etc.).
- Provide guidance and/or recommendations to enable remediation plan development.
- Perform follow-up related to audit recommendations and remediation tasks/activities through completion.

Governance

- Promote strong Compliance practices.
- Coordinate and perform recurring logical access reviews and drive post-review remediation.
- Develop and present GRC Compliance reports and dashboards that provide insights related to audit and compliance functions and progress toward compliance-related initiatives.
- Maintain awareness of, and monitor for changes to, security policy & standards, the regulatory requirements inventory, and the annual audit plan; provide guidance related to such changes.
- Develop and provide regular GRC Compliance Program Updates to Account Leadership.

Required Skills & Experience

- Bachelor's degree: Information Technology, Computer Science, Engineering, or related field
- Effective communication, presentation, interpersonal relationship building, and business acumen
- 5+ years in an Audit, Compliance, GRC, or Risk Management role with participation in 2 or more full-cycle SOX audits
- Minimum of 3 years of hands-on IT Operations experience with strong understanding and application of IT Security frameworks such as SOX, SSAE18 SOC1 Type 2/SOC2 Type 2, PCI-DSS, ISO/IEC 27001, CIS, NIST 800-53, etc.
- Solid problem-solving and decision-making abilities
- Understanding and application of audit methodologies, risk assessment, and control evaluation
- Proficiency in documenting processes, control narratives, and audit findings/remediation
- Attention to detail and ability to work independently and collaboratively
- Ability to remove obstacles, enforce compliance objectives, and drive stakeholders to ensure timely delivery of GRC services
- Ability to manage competing priorities and comfortable working through ambiguity

Desired Skills / Certs

- Experience in a hybrid/cloud infrastructure environment with complex regulatory requirements
- Experience with GRC tools and platforms
- Familiarity with project management practices and techniques
- Experience working in a matrixed cross-functional environment within a service organization
- Experience in a client-facing role
- One or more professional certifications: CISA, CISSP, CRISC, CISM, CGEIT, or equivalent
- Graduate Degree Preferred

Job Segment: Computer Science, Manager, Project Manager, Consulting, Technology, Management
NTT DATA, Inc.