POSITION POSTED UNTIL A VIABLE POOL OF CANDIDATES HAS BEEN ESTABLISHED
EDUCATION and/or EXPERIENCE
Bachelor’s degree in Information Technology or a related field and six years of progressively responsible experience as an auditor or compliance analyst, and experience with an automated governance risk control system is required. Must have the ability to review information and effectively and accurately communicate audit and compliance issues to senior management, Directors, managers, technology clients, and audit entities. Must have governance risk control support and project systems experience, and experience executing system administrator duties for automated policies, procedures, risk and audit compliance programs. Experience with assisting in process improvement efforts and work with full compliance methodology life cycles is strongly preferred. Must have excellent verbal and written communication skills and an advanced understanding of project management software tools. In lieu of a degree, directly related experience may be substituted on a year-for-year basis.
INTERVIEW SELECTION PROCESS: The selection process may include one or more components to demonstrate applicants’ knowledge, skills and abilities in job related areas. These may include exercises such as practical demonstrations, written communications, oral interviews and/or competency assessments.
Leads Technology Compliance in establishing and maintaining compliance with multiple audit entities and internal/external audit recommendations. Directs, monitors and reports on work with every office in Technology in response to audits and regulatory requirements from all inquiring audit entities and regulatory agencies. Reviews Technology policies, standards and procedures and compares them to local, state and federal laws to ensure they are following government guidelines and regulatory requirements. Provides leadership to technology management in the identification and assessment of technology-related risks. Supervises, as system administrator, the responsibilities related to the Governance, Risk and Compliance (GRC) software system: setting rules, ensuring the correct controls are in place and functioning, and measuring the effectiveness of rules. Ensures that GRC project development efforts are following organization policies, standards and procedures, and that controls are adequately incorporated into the system. Reports on the adequacy of risk-based controls, evaluating technology and business-related controls for integrated IT and business auditing efforts. Responsible for supervising and training junior compliance analysts. Proactively plans and performs audits for the Technology department, compiles work papers and writes audit reports.
ESSENTIAL DUTIES AND RESPONSIBILITIES
1. Leads and conducts all phases of compliance, operational and Governance Risk and Compliance (GRC) programs and reviews. Participates in and/or leads compliance processes, performing all phases of internal and external operational and compliance reviews.
2. Leads and provides audits and compliance related to examinations of technology activities to assess and monitor compliance with policies and procedures. Serves as primary customer contact on audit examination engagements and often performs in a project leadership capacity for GRC audit requirements.
3. Leads, assigns, conducts and participates in compliance for Technology project phase gate reviews by reviewing project documentation, conducting interviews, and assessing project work completed for compliance purposes. Verifies project deliverables throughout the entire IT project life cycle and related project phase reviews.
4. Assists the Manager of IT Compliance in establishing risk management programs, identifying risks in the organization and conducting full risk assessments within Technology as discovered through audit compliance or as directed by Sr. Management. Conducts and leads junior compliance staff in auditing of identified risk areas.
5. Conducts training sessions for Compliance staff and Technology on GRC system administration of policies, procedures, risk management and audit compliance.
6. Ensures that GRC project development efforts and deliverables are following Technology’s project organization policies, standards, procedures and controls and are adequately incorporated into the GRC system. Leads and prepares the necessary proactive Technology assessments/audit programs, compiles work papers and writes subsequent audit reports.
7. Lead responsibility for implementing, supporting and maintaining four of the nine GRC applications, which include policy, procedures, risk and audit tools to support automated GRC audit efforts for Technology.
8. Conducts specific legal/regulatory research related to compliance and governance, risk and compliance.
9. Communicates and coordinates responses to audit recommendations with appropriate Technology areas and subsequent responses with remediation or corrective action plans.
10. Leads and supports Compliance junior analysts in research of remediation efforts to various audit recommendations and in solutions to GRC system administration objectives.
11. Performs and leads other duties as directed.
CERTIFICATES, LICENSES, REGISTRATIONS
Certified Internal Auditor (CIA), Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) is preferred. Certified Information Systems Auditor (CISA) is strongly preferred.
MARTA is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state or local protected class.
Number of Openings
MGR TECHNOLOGY SVCS DELIVERY
$65,894 – mid $82,367 – $98,840
Both Internal and External
To apply for this job email your details to MARTA_Diversity@itsmarta.com