Sr. Information Security Governance, Risk, and Compliance Specialist

The Senior Information Security Governance, Risk and Compliance (GRC) Specialist is a high impact role that will work with key stakeholders across IT, R&D, and Security to define and implement robust controls (ITGC) and processes specifically for the Sarbanes Oxley Act (SOX). The individual will assist in maturing the program to monitor the effectiveness of controls, mitigate risk and ensure compliance of technology systems and processes associated with SOX requirements. The individual will liaison with internal and external parties to manage technology related audits and provide recommendations to improve controls and the overall program. Additionally, the role will also support the Head of Security Governance, Risk, and Compliance (GRC) with GRC related activities including policy governance, compliance monitoring, customer audits, and risk management.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

• Lead effort to test and document IT controls related to financial reporting and SOX e.g. IT General Controls (ITGCs) and IT Application Controls (ITACs).

• Support and create SOX ready documentation including policies and procedures, narratives, flow charts, control descriptions, etc. Additionally, establish repeatable process to draft SOX related documentation e.g. assertions.

• Plan, execute, and manage technology-focused SOX compliance audits, risk assessments, and controls testing. Manage IT testing schedule and coordinate with IT team members and internal and external auditors.

• Work with the current GRC team and tools to establish a monitoring program to pragmatically assess controls per SOX guidelines. Manage controls and evidence repository and tooling. Conduct periodic reviews to ensure application controls and ITGC are configured across SOX related systems.

• Work with IT stakeholders to test controls and remediate gaps for existing systems. Project manage control design for new systems and processes, ensuring appropriate internal controls are in place prior to launch.

• Review, assess, and evaluate reported control deficiencies. Define root causes and planned corrective actions in conjunction with IT and business process owners.

• Train process and control owners regarding their responsibility to SOX and other controls.

• Update company leadership on program status and recommendations.

• Support additional Information Security GRC efforts, such as policy governance, compliance monitoring, and risk management.

• Ability to communicate with internal stakeholders, external auditors, as well as customers when applicable.

• Identify opportunities for innovation, including identifying controls that can be automated to ease the adoption and compliance of security controls.

QUALIFICATIONS AND SKILLS NEEDED:
 

Education:

• Bachelors in Management of Information Systems or related field. NOTE: May also consider Associates Degree based on relevant experience and certifications

• Relevant Security Certifications Preferred (e.g. CISA, CIA, CISSP)

Experience:

• 5+ years of experience in IT SOX audit. Experience working within a “Big 4” or large regional public accounting firm is a plus.

• Knowledge of common information security frameworks and IT controls frameworks, such as ISO/IEC 27001, and NIST.

• Strong working knowledge, understanding and experience in building, maintaining, and maturing effective IT SOX and Security Governance, Risk, and Compliance functions.

• Understanding of IT SOX and information security risk and compliance management procedures and methodologies. Experience leading and promoting risk discussions.

• Prior experience with implementing or using GRC tools.

• Strong learning agility

• Experience with Oracle EBS is a plus

• Ability to influence with or without authority.

• Experience working in a global organization with globally dispersed stakeholders.

• Demonstrated ability to establish and leverage key internal and external cross-functional relationships to further accomplish support for compliance, risk management and governance.

• Excellent communication skills including experience effectively delivering guidance/findings/directions to both technical non-technical audiences.

• Ability to prioritize workloads and ensure deadlines are consistently met.

EEO Statement

Clario is an equal opportunity employer.  Clario evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status, or any other legally protected characteristic.