Website Metropolitan Atlanta Rapid Transit Authority (MARTA)
One of the largest transit agencies in the United States
Leads Technology Compliance in establishing and maintaining compliance with multiple audit entities and internal/external audit recommendations. Directs, monitors and reports on work with every office in Technology in response to audits and regulatory requirements from all inquiring audit entities and regulatory agencies. Reviews Technology policies, standards and procedures and compares them to local, state and federal laws to ensure they are following government guidelines and regulatory requirements. Provides leadership to technology management in the identification and assessment of technology related risks. Supervises as system administrator the responsibilities related to the Governance, Risk and Compliance (GRC) software system, setting rules, ensuring the correct controls are in place and functioning and measuring the effectiveness of rules. Ensures that GRC project development efforts are following organization policies, standards, procedures, and controls are adequately incorporated into the system. Reports on the adequacy of risk-based controls; evaluating technology and business-related controls for integrated IT and business auditing efforts. Responsible for supervising and training junior compliance analysts. Proactively plans and performs audits for the Technology department, compiles work papers and writes audit reports.
ESSENTIAL DUTIES AND RESPONSIBILITIES
1. Leads and conducts all phases of compliance, operational and Governance Risk and Compliance (GRC) programs and reviews. Participates in and/or leads in compliance processes, performing all phases of internal and external operational and compliance reviews
2. Leads and provides audits and compliance related to examinations of technology activities to assess and monitor compliance with policies and procedures. Primary customer contact on audit examination engagements and often performs in projects leadership capacity for GRC audit requirements.
3. Leads, assigns, conducts and participates in compliance for Technology projects phase gate reviews by reviewing project documentation, conducting interviews, and assessing project work completed for compliance purposes. Verifies projects deliverables throughout the entire IT projects life cycle and related projects phase reviews.
4. Assists the Manager of IT Compliance in establishing risk management programs, identifying risks in the organization and conducting full risk assessments within Technology as discovered through audit compliance or Sr. Management directed. Conducts and leads junior compliance staff in auditing of identified risk areas.
5. Conducts training sessions for Compliance staff and Technology on system GRC system administration of policies, procedures, risk management and audit compliance
6. Ensures that GRC project development efforts and deliverables are following Technology’s project organization policies, standards, procedures and controls and are adequately incorporated into the GRC system. Leads and prepares the necessary proactive Technology assessments/audit programs, compiles work papers and writes subsequent audit reports,
7. Lead responsibility for implementing, supporting and maintaining four of the nine GRC applications which include policy, procedures, risk and audit tools to support automated GRC audit efforts for Technology
8. Conducts specific legal/regulatory research related to compliance and governance, risk and compliance.
9. Communicates and coordinates responses to audit recommendations with appropriate Technology areas and subsequent responses with remediation or corrective action plans
10. Leads and supports Compliance junior analysts in research of remediation efforts to various audit recommendations and in solutions to GRC system administration objectives.
11. Performs and leads other duties as directed
CERTIFICATES, LICENSES, REGISTRATIONS
Certified Internal Auditor (CIA), Certified Information Systems Security Professional (CISSP), or a Certified Information Security Manager (CISM) is preferred. Certified Information Systems Auditor (CISA), is strongly preferred.
MARTA is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity and/or expression, status as a veteran, and basis of disability or any other federal, state or local protected class.
To apply for this job please visit ibiz.itsmarta.com.