Manager, Audit & Compliance

Farmington Hills, MI, US

RouteOne

Discover RouteOne's innovative FinTech solutions for dealerships. Streamline your F&I process with our comprehensive toolkit, including credit application systems, digital retail services, and eContracting. Enhance your dealership's efficiency...


The Manager of Audit and Compliance is responsible for leading the design, development, implementation, and maintenance of RouteOne's Comprehensive Information Security Program, ensuring it aligns with the sensitivity of information and data relative to the complexity, nature, and risk associated with RouteOne’s business operations. Duties include conducting third-party SOC and GLBA audits, ensuring compliance with the FTC Safeguards Rule, engaging with RouteOne Member and customer audit staffs and responding to their respective audit requests, creating and updating evidence documentation, and managing remediation of any findings from internal or external audits.

Additionally, the Manager of Audit and Compliance is responsible for reporting the effectiveness of RouteOne's internal controls to two subcommittees of the Board of Directors: The Audit Committee and the Cybersecurity Committee. 

Job Requirements

  • Develop and maintain a comprehensive information security program in order to ensure the protection of confidential customer and company information and data.
  • Report quarterly to the RouteOne Board of Directors – Audit Committee and annually to the RouteOne Board of Directors – Cybersecurity Committee.
  • Identify, develop, and implement appropriate financial, administrative, technical, and physical controls, including documented evidence that the controls worked as expected.
  • Verify that all company and regulatory policies and procedures have been documented, implemented, and communicated appropriately.
  • Responsible for SSAE18, SOC1, SOC2, SOC for Cyber and GLBA audits to meet enterprise goal of zero findings. Identify and anticipate risks to the security and integrity of data, including but not limited to unauthorized access and misuse, and implement appropriate security safeguards.
  • Conduct internal and external security and control audits, including due diligence security assessments of existing/potential vendors and integration partners, to ensure service providers maintain environments as secure as RouteOne's.
  • Lead engagement and communication with external auditors conducting year-long security compliance reviews.
  • Represent RouteOne to its Members and outside constituencies on all matters concerning audit, compliance, and organizational controls.
  • Monitor and adjust safeguards as business, environmental, or operational changes impact RouteOne physical and system risks.
  • Keep abreast of emerging threats, vulnerabilities, and best practices as they relate to information governance, technology compliance and audits.
  • Analyze compliance risks to minimize losses or damages to the company. 
  • Train compliance and audit staff in all aspects of RouteOne’s audit and compliance programs, developing their audit, compliance, risk assessment and customer relationship skills.
  • Identify effective training tools and education programs to mature the capabilities of compliance and audit staff expertise in line with rapid technological change.
  • Address emerging compliance issues with management or employees and advise management on the implementation or operation of compliance programs.
  • Consult with the Legal team as necessary to address compliance issues.
  • Collaborate with Human Resources to ensure the implementation of consistent disciplinary action strategies in cases of compliance standard violations.
  • Prepare management reports regarding compliance operations, issues and progress.
  • Assist with RFPs, RFQs, and review of compliance and audit requirements associated with contract negotiations.
  • Manage all compliance audits and related activities.
  • Conduct twice-yearly performance reviews, and track metrics of audit and compliance efforts for use by Management to forecast and prepare for future needs.
  • Maintain safety, security, and privacy standards throughout all areas of responsibility. 

Knowledge 

  • Experience in complying with auditing standards developed by the AICPA.
  • Experience in conducting comprehensive compliance and control internal audits.
  • Experience in developing and implementing financial, administrative, technical, and physical controls, policies, and procedures.
  • Experience responding to B2B customer audits and leading remediation efforts where needed, with a focus on building and maintaining effective customer relationships.
  • Knowledge of industry standards, best practices, and emerging trends in FinTech, automotive, and IT compliance. 

Skills 

  • Proficient in Microsoft Office products, including but not limited to: Word, PowerPoint, Excel, Outlook, Defender, Teams, SharePoint and Visio. 
  • Experience in frameworks such as NIST, Cloud Security Alliance, ISO 27001, CIS critical controls, and PCI-DSS.
  • Proficient in ticketing systems such as JIRA, CloudLink, ServiceNow and Salesforce.
  • Experience in Agile Development practices.
  • Experience with securing an AWS instance within a shared security model. 

Abilities 

  • Ability to use relevant information and individual judgment to determine whether events or processes comply with laws, regulations, or standards. 
  • Ability to communicate information and ideas, both verbally and in writing, as actionable insights that both technical and non-technical audiences understand.
  • Ability to thrive in a dynamic, fast-paced software development environment.
  • Proactive, detail-oriented professional capable of working with all levels in the organization to design solutions which support business as we adhere to our compliance obligations.
  • Work independently and in team situations across all departments, to establish priorities, assess complex scenarios, identify potential risks, and develop strategies to mitigate them.
  • Ability to adapt to shifting priorities while simultaneously managing high-visibility projects to ensure their successful completion.
  • Ability to take a practical, business-focused approach to information technology audit and compliance activities and IT security.
  • Strong analytical, problem-solving, communication, and technical skills.

Other Essential Requirements 

  • Bachelor's degree in information technology, related business field or suitable work experience.
  • Master's degree in management preferred.
  • Minimum of 8-10 years’ experience in the information technology audit and compliance realm, with proven experience in developing and implementing a comprehensive security program.
  • Supervisory experience.


Tags: Agile Audits AWS Cloud Compliance FinTech GLBA Governance ISO 27001 Jira NIST Privacy Risk assessment Security assessment SharePoint SOC SOC 1 SOC 2 Vulnerabilities

Perks/benefits: Team events

Region: North America
Country: United States
