The position will lead initiatives related to HIPAA and data privacy regulations such as CCPA, as well as control development and compliance within the global ERP platform of D365. In addition, this role will create and maintain a Group-wide technology risk register and directly influence senior leadership’s prioritization of technology risk. The role will also work to ensure that the organization properly adheres to information security policies, best practices, and principles.
- Partner with technology leaders across the group to understand and document technology risk, resulting in the creation of a maintainable risk register
- Coordination with other non-IT organizations (Human Resources, Finance, Audit, Legal, others) for organizational compliance and/or privacy requirements
- Development of corrective action plans for identified risks and/or compliance related issues that are in line with the firm’s standard technology and processes
- Risk assessments of IT projects, proposed architecture, and significant technology changes or implementations
- Implementation support for technology projects to ensure risk is addressed and compliance objectives are met
- Design, implementation, and execution of controls within the D365 ERP
- Execution of user access reviews on critical applications
- Performance of risk assessments / security reviews on new and existing third-party vendors or SaaS applications
- Monitor and assess security violations and other anomalies
- Champion for information security policies among the Group
- Creation and management of periodic control testing and reporting to ensure ongoing adherence to applicable compliance frameworks and information security policies
- Creation and delivery of both risk and compliance related metrics and dashboards for consumption by senior leadership
- Performance of technology due diligence on both existing companies within the Group and potential M&A targets
- Proactively monitor emerging technologies and trends within the cybersecurity and compliance space, ensuring relevant new findings are shared with the broader information security and technology teams
- 5-7 years of experience in IT risk management, IT audit, information security, or information technology
- 3+ years' experience overseeing IT security and compliance at a rapidly growing company, preferably within a shared services environment
- Significant knowledge of common information security management frameworks and past participation in both initial certification and renewal of one or more of the following: ISO/IEC 27001, SOC 2/SSAE 16, PCI DSS, HIPAA, SOX, GDPR, CCPA, etc.
- CISA, CGEIT, CRISC, or CISSP certifications
- Strong familiarity with IT security technologies including network and application security, firewalls, access management, and data protection
- Experience assessing IT security vulnerabilities and IT security audit procedures
- Excellent communication skills, both written and oral, with a strong ability to continuously provide a best-in-class experience for our clients
- Experience and success in delivering client engagements on-time and within budget
- Knowledge of cyber threats and vulnerabilities
- Proven track record in developing information security policies and procedures
- Proven track record and experience working with stakeholders to develop, monitor, prevent and promptly detect deviations from security policies
- Ability to assess security areas, identify risks, and propose and implement initiatives to address them
- Strong project management experience