IT Governance and Risk Specialist
Cleveland, Ohio - United States
Full Time / Direct Hire
$90,000.00 - $140,000.00 - US Dollars - Yearly
Employer Will Recruit From:
Position Summary
Manages and oversees systems to protect data from unauthorized access. Accountable for strategic creation and enforcement of all IT security policies/procedures/standards, implementing and managing the IT tools and technology to support risk and audit processes, and performing periodic IT risk assessments.
Manages and enforces adherence to security incident response process.
This position is also responsible for managing the IT audit related activities for both internal and external IT auditors.
Develops, maintains and monitors the information systems security plan to ensure the continuity of operations across the enterprise.
Coordinates with key functions including Internal Audit, Cybersecurity Council, Accounting, and IT Leadership.
Essential Job Functions
1. Manages and coordinates all of IT's compliance and audit-related activities, including SOX 404. Point of contact for information inquiries related to policies, procedures, controls, and IT audits. Manages IT interactions with Internal Audit, External Audit, and Business Management as it relates to audit, compliance, and monitoring activities. Coordinates with additional key functions and groups where necessary such as the Cybersecurity Council, Accounting, Legal, and IT Leadership.
2. Manages the tools and technology used to support IT risk and audit processes.
3. Own and enforce IT Security policies, procedures and standards, including the security incident response process and metrics. Ensure that enterprise-wide security policies and standards align with the business and are documented and periodically reviewed, updated, and distributed to appropriate individuals. Enforce adherence to IT Security policies and procedures across the enterprise; regularly educate and reinforce expectations and approach across the enterprise.
4. Develop and execute periodic IT risk assessments. Support development, maintenance, and execution of the IT security plan, ensuring that it aligns to risk assessment and continues to be reflective of, and aligned to, changes in the IT environment and threat landscape.
5. Assist in coordinating and monitoring Disaster Recovery activities, including configuration, procedures, documentation and testing. Ensure integration and alignment to the Company's broader Business Continuity Plan.
6. Develop, monitor, track and report against IT Governance and Risk metrics and KPIs (including audit and DR activities) that help the Leadership understand threats, vulnerabilities and risks associated with protecting information across the enterprise and plans to mitigate those risks. Drive process improvement and/or adjustments where necessary based on trends identified. Regularly report current events, initiatives, updates, and major incidents and problems to management.
7. Analyze incidents, problems and requests and identify trends and solutions. Research new threat detection/risk avoidance options and offer improvement opportunities. Act as Subject Matter Expert and/or point of escalation for IT risks across the enterprise. Provide direction, motivation, training, and support to staff across the enterprise as it relates to IT Governance and Risk.
This position requires a(n) Undergraduate (Bachelor) Degree
Additional degree(s) that are preferred for this position include: Undergraduate (Bachelor) Degree in Business or Information Technology
Work experience
Below is the required/preferred work experience for this position:
Required/Preferred 5-7 Years Specific IT DR planning and testing, risk management & analysis, business system resumption planning, and contingency planning.
Required 1-2 Years General IT Security
Preferred 3-4 Years Specific Hands on SAP Experience (ECC, BW/BCS, PI, Solution Manager)
Preferred 5-7 Years Specific IT Risk or Audit frameworks such as COBIT & COSO
Required 3-4 Years Specific SOX 404 and Internal Control experience
Required Licenses & Certifications
Below are the licenses/certificates required/preferred for this position:
Required/Preferred Certificate in discipline Certified Information Security Manager (CISM)
Preferred Certificate in discipline Certified Information Systems Auditor (CISA)
Required Certificate in discipline Certified Information Systems Security Professional (CISSP)
Below are the required/preferred skills for this position:
Required/Preferred Leadership Working
Required Customer Partner Orientation Working
Required Interpersonal Skills Advanced
Required System & Process Orientation Advanced
Required Influence Advanced
Required Tolerance of Ambiguity Advanced
Required IT Risk Management Advanced
Required IT Compliance Advanced
Required Coaching / Development of Others Basic
Required IT Service Function Working
Required Team Orientation Working
Required Travel Travel up to 10% of the time