Optomi, in partnership with a major retailer, is looking to add an IT GRC Analyst to their growing security team! The IT GRC Analyst will help to define and develop new policies and processes around governance programs, identify KPIs and metrics, prepare and present reports/dashboards to management, ensure controls are accurately documented and maintained, and ensure action plans are implemented to address control weaknesses within designated timelines.
The right person for this role will come with at least 2 years of experience in IT Compliance, Governance, or IT audit and have had exposure to HIPAA & SOX.
This role will start off as a 6 month contract and will look to extend or convert the right candidate.
Required Skills:
Bachelor's degree in Computer Science, Management Information Systems, Accounting, Business Administration or relevant field of study required
At least 2 years' work experience in IT governance management, IT compliance, or IT audit
1-2 years of experience with IT policies, procedures, standards, and guidelines
Formal knowledge of IT systems and processes, and systems development life cycle processes and policies
Strong knowledge of IT industry standards and best practices as they relate to IT governance areas (COBIT, COSO, PCI-DSS, ITIL, ISO 27001, etc.)
2-3 years of experience working with compliance initiatives related to Sarbanes-Oxley, HIPAA, and PCI-DSS preferred
Ability to define and execute upon governance work programs
Ability to lead or work on projects of all sizes and complexity
Ability to work well under pressure while consistently meeting time-sensitive deadlines
Strong interpersonal, written and verbal communication skills to interface effectively with individuals at various levels
Ability to work well independently, as well as effectively contribute to a team environment
Strong Microsoft Office program experience, including Project, Visio, Excel, & Word
Experience working in retail (preferred, not required)
Responsibilities:
Provide PCI DSS, SOX, project and governance expertise and consulting to the IT organization, ensuring compliance with PCI and SOX information technology internal controls
Utilize data analysis to develop a more proactive and anticipatory approach to IT risk management
Identify KPIs and metrics, prepare and present reports/dashboards to management
Ensure controls are accurately documented and maintained, and action plans are implemented to address control weaknesses within designated timelines
Lead and maintain ongoing IT policy exception management process and identify key exception reporting metrics
Proactively promote the IT risk assessment program to evaluate IT compliance and operational risks, ensuring appropriate risk management strategies are defined and implemented
Communicate IT governance and compliance objectives to ensure an appropriate compliance-aware culture
Evaluate company requirements and define required policies, along with supporting standards and guidelines
Initiate and manage the review of IT security controls, including application and infrastructure controls, to ensure the company meets its governance and compliance requirements
Drive efforts with IT teams to ensure appropriate procedures are defined and approved to support IT policies/standards/guidelines
Coordinate with the InfoSec Team and Training & Development Team to develop security awareness materials, working with appropriate teams to ensure all company associates practice strong IT security behavior
Participate in periodic training and testing to demonstrate knowledge of security concepts
Manage meetings effectively by setting agendas, maintaining focus and identifying action items
Ensure that all functions and activities are performed in accordance with accepted IT department standards and procedures