The IT Risk and Compliance Management Specialist provides strategic leadership and guidance in IT risk management approaches, as well as on IT compliance management and internal controls. Further, this individual will be responsible for developing and maintaining the IT Risk and Compliance frameworks, processes and tools. This includes working with the IT Executive, IT Leaders and Business Leaders to assess and identify risks and develop strategies to mitigate the risks to an acceptable level. Finally, this role will monitor compliance and develop IT Risk reporting at the business level, aligning with the related policies and standards, meeting both internal and external requirements.
IT Risk and Compliance Management Specialist Duties & Responsibilities
Risk Management
Provides strategic leadership and guidance in IT risk management approaches.
Develops and maintains the IT Risk Management framework, processes and tools.
Establishes and maintains relationships with corporate risk management teams to align IT and corporate strategies, plans, frameworks and processes.
Delivers or leads IT executive, IT Leader and Business Leader awareness and training on the IT Risk Management framework and process.
Conducts IT risk assessments with IT and business leaders to ensure IT risks are identified and mitigated to an acceptable level.
Establishes, maintains, leads, mentors and coaches an enterprise-wide team of IT risk analysts to provide risk management facilitation, advice and consultation to IT and business leaders.
Conducts independent risk assessments as requested by IT executives or leaders.
Coordinates and prepares IT responses to enterprise risk management requests.
Works with IT leaders to monitor risks and risk mitigation on an on-going basis.
Establishes and maintains a risk register.
IT Compliance and Internal Controls Management
Provides strategic leadership and guidance on IT compliance management and internal control approaches.
Develops and maintains the IT compliance and control framework, processes and tools.
Establishes and maintains relationships with corporate compliance, legal and audit.
Conducts external requirements reviews and planning (e.g. regulatory and legal).
Leads and supports the development, implementation and maintenance of IT policies/standards and controls across all divisions.
Oversees, coordinates and supports IT policy, standards and control self-assessments and IT third-party service provider control assessments.
Establishes, maintains and conducts the policies, standards and controls certification process.
Coordinates and supports Audit and IT leaders with internal audit planning and responses.
Leads independent external requirements (regulatory and contractual), control and policy assessments and identification of gap closure recommendations.
Monitors and reports actions to remediate policy, standard and control exceptions and compliance issues.
Supports and administers the policies, standards and controls exception process.
Establishes and maintains an integrated enterprise-wide IT Compliance Management information system.
Reporting, Documentation and Continuous Improvement
Establishes formal IT Risk reporting at the company or Line of Business level.
Publishes an enterprise level IT Risk Report and presents the report annually to the IT Executive.
Continually develops, maintains and optimizes processes and procedures for gathering risk data and analysis.
Builds and strengthens relationships with internal and external stakeholders regarding risk and compliance policies, processes and procedures.
IT Risk and Compliance Management Specialist Must-Have Skills
Seven years in the IT industry with four years direct technology risk and information security experience, including developing ITRCM and security management methodologies, conducting many Threat and Risk Assessments and creating relevant reports and key performance indicators.
Strong technical, planning, and leadership skills are required.
Effective problem solving and decision-making skills in a fast-paced environment.
Knowledge in related IT, IT risk & compliance management, and information security practices and risk measures.
Ability to assess and resolve complex issues and situations through effective decision making.
Excellent oral and written communication skills with the ability to relate to others with all levels of technical competency.
Excellent presentation skills.
Education:
University degree or two-year college diploma in Computer Science, Business, or similar discipline.
Completion of one or more of the following Information Security Management professional designations is preferred:
Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Other similar information security and IT risk management credentials
IT Risk and Compliance Management Specialist Contract Duration
3 months (probability of extension, based on performance)
Job ID: 109259
