Job #: 1774
Title: Security and Compliance Manager – Grand Rapids, MI
Must be a US Citizen due to Federal requirements
Coordinate SOC and other compliance reviews with external auditors.
Assembling relevant evidence by working with SMEs
Reviewing evidence for accuracy prior to sharing with auditors
Scheduling interviews for SMEs and GT auditors
Coordinating any onsite assessments conducted by GT
Uploading evidence documentation to ServiceNow
Design and execute tests of key IT controls assigned to the Risk Management Office.
Assign control activities to owners and follow through to completion.
Educate control owners as appropriate to ensure understanding of assigned controls.
Provide a sound basis for the Management Assertion in the SOC reports.
Respond to client inquiries related to the SOC reports.
Assist external auditors in collection of their requested test samples.
Update the SOC report narrative sections each year to ensure they accurately reflect product and service offerings.
Drive the quarterly Internal Control Questionnaire (ICQ) process designed to assess the design and operating effectiveness of existing SOC controls.
Provide quarterly report to Senior Staff on the state of IT controls including control deficiencies in need of remediation.
Perform annual compliance training.
Ensure IT compliance incidents are promptly addressed, documented and resolved; consider implications, make recommendations and take appropriate follow-up actions.
Identify IT controls, assess their design and operational effectiveness, determine risk exposures and develop remediation plans.
Perform information security risk assessments of technology-enabled projects.
Activities include: security requirement definition, facilitation of security testing, and management of residual risk.
Advise and assist project teams regarding compensating control alternatives where security requirements cannot be met.
Act as the primary point of contact between IT project teams and the IT Security group to ensure that appropriate security resources are scheduled and that security-related project objectives and timelines are met.
Liaise with IT and other representatives of assigned business functions to ensure that project pipelines are understood and that project priorities are reflected in IT Risk & Security’s resource planning.
Function as a subject matter expert in several IT security domains (e.g. access control, cryptography, monitoring).
Continuously improve the security aspects of operating processes.
Other duties as assigned
A minimum of 5 years performing IT security risk assessments.
A minimum of 5 years performing and/or leading IT compliance audits.
Excellent oral and written communication skills.
Ability to create and maintain detailed documentation of control environment using risk/control matrices and flow diagrams.
Ability to work at a high level both independently and within a team.
Knowledge of IT Auditing, IT General Controls, IT Application level controls.
Ability to design controls in support of achieving control objectives.
Ability to think analytically about problems assigned or encountered.
Resourcefulness and ability to take the initiative in development and completion of work.
Understanding of security principles, IT security controls and related technologies and products.
Bachelor's degree preferred.