Senior IT Risk and Control Specialist - Remote
United States
Full Time Senior-level / Expert USD 83K - 146K
Center for Internet Security, Inc.
CIS is a forward-thinking nonprofit that harnesses the power of a global IT community to safeguard public and private organizations against cyber threats.
Overview
The Senior IT Risk and Control Specialist is part of the Information Technology department, resides on the IT Governance team, and reports to the Director of IT Governance. The Senior IT Risk and Control Specialist will be responsible for supporting risk control owners within the IT department in the design, implementation, documentation, and evaluation of their respective risk controls. The role will also coordinate with internal and external stakeholders to help ensure the effectiveness of the IT control set, assist with internal and external audit response, and support gap remediation and control enhancement efforts. The ideal candidate will have a broad technical understanding of modern IT systems and infrastructure, combined with direct experience designing, implementing and/or evaluating effective internal controls for IT systems and services.
The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit responsible for industry-leading best practices for securing IT systems and data. CIS is also a trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities and election offices.
CIS has an award-winning reputation for investing in its people, as well as continuous learning and development. We offer our employees diverse opportunities to expand their impact personally and professionally, in their local communities, and among one another. Core Leadership Principles drive our employees at every level of the organization, empowering them to be leaders in everything they do.
Salary Range: $83,700 - $146,600
We offer a competitive total rewards package at the Center for Internet Security:
- Base salary is determined based on a number of factors including, but not limited to, education, experience and skills
- Health (PPO, EPO, HSA), Dental & Vision Insurance eligibility starting from the first day of hire
- $500 wellness card for Health Coverage Participants
- 401(k) with 4% Company Match, vested from the first day of hire
- Flexible Spending Account (FSA) & Dependent Care Account (DCA)
- Life Insurance
- Bonding Leave
- Paid Volunteering Program
- Bonus eligibility
- Paid Time Off (PTO) inclusive of vacation, personal and sick time
- Paid Holidays
- Wellness Program
- Employee Engagement Activities
- Professional Development Opportunities
- Tuition Reimbursement
- Student Loan PayDown Program
- Employee Referral program
- Employee Assistance Program
What You'll Do
- Assist in the coordination, design, and implementation of IT risk controls to meet risk mitigation expectations, internal and external audit requirements, and regulatory and contractual obligations
- Engage with IT control owners, IT leadership, and Governance, Risk, and Compliance (GRC) teams to drive integration of control activities with IT processes and procedures, and to promote continuous implementation and documentation of control activities
- Support and collaborate with IT control owners in the development and implementation of their respective controls to ensure effective design, and identify and leverage opportunities for control automation
- Implement control automations where possible to increase control efficiency while maintaining control effectiveness
- Engage with control owners to develop key risk indicators (KRIs) to measure the effectiveness of control design
- Track and monitor established KRIs on an ongoing basis to identify opportunities for improvement and work with control owners to implement identified improvements
- Coordinate with IT control owners to complete regular control self-assessments, help to evaluate the results, provide recommendations, and take necessary action to address any identified gaps
- Serve as the primary IT contact for Internal Audit and GRC teams, and for internal or external audit or regulatory evidence requests
- Coordinate with Information Security, Internal Audit, and GRC teams to help implement effective IT Governance processes and ensure alignment with the organization’s risk tolerance and mission goals
- Assist in the development and ongoing review of IT policies and standards
- Other tasks and responsibilities as assigned
What You'll Need
- Bachelor’s degree in Computer Science, Information Systems, or related field*
- 5+ years of experience supporting enterprise information technology systems
- 5+ years of experience designing and implementing effective security and risk controls for enterprise IT systems OR auditing internal controls for IT systems and services
- Experience responding to or conducting control audits of IT systems and services
- Strong technical skills
- Strong project management skills
- Ability to document and communicate IT risk and related controls to both technical and non-technical stakeholders at all organizational levels
- Must be authorized to work in the United States
It's a Plus if You Have:
- Experience in information systems audit preparation and response
- Recent technical working knowledge of enterprise IT systems and services
- Experience operating in a highly regulated or secure environment
- Knowledge of dynamic and high-level programming languages and scripting
- Professional Certification such as CISSP, CISA, or other related certifications
*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.
At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.