Senior Manager Information Technology Compliance
Provides assurance and risk-based consulting to the Information Technology compliance program, including the Security, SOX, PCI and Privacy programs. Develops testing programs throughout the environment to provide feedback to various members of management, including the Senior Leadership team. Collaborates with IT Security to develop metrics and tests performance to provide independent verification of the health of the program. Partners with Management on privacy programs throughout the environment, including assistance with developing programs for any newly passed legislation. Continues to develop the IT SOX program and conducts testing to ensure compliance with Sarbanes-Oxley. Works with external auditors and gives feedback to Management on the design of the program. Performs risk-based audits, including pre-implementation reviews and ongoing testing of the PCI program. Provides risk-based feedback to help the organization meet long-term objectives.
- Partners with Information Technology Security Leadership to develop key metrics to measure the health of the program. Conducts risk-based tests throughout the environment to provide independent assurance to both Management and the Board of Directors.
- Provides timely feedback on performance of IT Security program. Develops summarized presentations to Management.
- Works with external audit to assess design of IT’s SOX program. Conducts annual testing and provides timely feedback on both design and testing results to Management.
- Ensures IT Security maintains PCI compliance through development and performance of testing over program.
- Works with Senior Director of Internal Audit and Compliance to administer privacy programs including GDPR and CCPA. Develops privacy trainings to educate associates throughout the organization. Enforces compliance with privacy programs.
- Works with Senior Director of Internal Audit to enhance privacy programs for any newly released legislation.
- Partners with IT Security to review third party security assessments.
- Assists IT Security with consulting during various projects. Adds insight to the vendor selection process.
- Keeps up to date on security trends.
- Demonstrates clear communication throughout the organization and becomes an effective partner with IT and business leadership.
- Performs ongoing risk assessments and discusses vulnerabilities with various members of Management.
- Knowledge of IT frameworks is required, including NIST, PCI, and SOX.
- Knowledge of security best practices (design, data protection, networks, encryption, access, threat intelligence, etc.)
- Experience with Privacy Programs including GDPR and CCPA.
- Strong analytical and problem-solving skills, as well as excellent writing skills.
- Excellent communication skills and experience presenting to senior leadership. Ability to communicate to both technical and non-technical associates.
- Demonstrated ability to build partnerships across all levels of the organization.
- Demonstrated ability to team build, collaborate and partner.
- 8+ years’ experience in IT Security or IT Audit.
- 5+ years’ experience testing compliance programs either in public accounting, consulting or at a public company (preferably in a retail environment), including SOX, IT Audits, and Security testing.
- 2+ years’ experience with testing PCI programs (ISA, QSA or other comparable experience).
- CISA required. CISSP or CISM preferred.