Lead, Information Technology Governance Risk Compliance (IT Audit)

Thank you for your interest in our company! To apply, click on the button above. You will be required to create an account (or sign in with an existing account). Your account will provide you access to your application information. The email address used in establishing your account will be used to correspond with you throughout the application process. Please be sure and check the spam folder. You may review, modify, or update your information by visiting and logging into your account.

JOB FUNCTION / SUMMARY:

Responsible to lead the ongoing development and execution of the organization’s IT Governance, Risk, and Compliance Programs, covering key areas such as policy management, risk assessments, issue management, audits, and vendor risk management to ensure the confidentiality, integrity, and availability of information assets (data and data systems). This includes leading initiatives to ensure IT aligns with business goals while managing risks and meeting regulations. In this role, you’ll work with internal and external auditors and provide enterprise-wide guidance, documentation, and project leadership to support the IT GRC framework.

ESSENTIAL DUTIES & RESPONSIBILITIES:

• Leads the development and maintenance of security policies and guidelines in alignment with regulatory requirements. Socializes policy changes to subject matter experts and line of business.
• Assists in the development of control documents with Security Architects for applications being governed.
• Ensures scheduled control checks for Information Technology, Information Security, and line of business defined controls are tracked and reported against.
• Standardizes, documents, maintains, and automates where possible, IT GRC processes.
• Performs IT risk assessments to evaluate risks and compensating controls and participates in enterprise-level risk assessments.
• Prepares formal written reports on governance, risk, and compliance.
• Oversees IT regulatory reviews, IT internal audits, and SOX testing of IT General Controls (ITGC).
• Supports lifecycle of issue management and policy exception process; reviews and consults teams on draft policy exceptions, prepares summary notes with recommendation for approve or deny; and effectively communicates IT issues and risks to management.
• Generates reports on assessment findings and summarizes them to facilitate remediation tasks for other operational teams.
• Studies existing information processing systems to evaluate effectiveness of controls.
• Oversee vendor cybersecurity risk management for critical business services.
• Supports the security awareness programs within the business unit.
• Works with other bank leaders to support the mission and core values of the bank.
• Provides mentoring, guidance, and training to staff.
• Performs other job-related duties and special projects as assigned.

SUPERVISORY RESPONSIBILITIES:

Carries out supervisory responsibilities in accordance with the organization's policies, procedures and applicable laws; Provides guidance and oversight to and is responsible for the coordination and evaluation of the assigned team. Responsibilities may include interviewing, hiring and training associates; planning, assigning and directing work; performance management; associate compensation; approving expense reports; addressing concerns and resolving problems.

MINIMUM REQUIRED EDUCATION, EXPERIENCE & KNOWLEDGE:

• Bachelor’s degree in Information Systems or relevant technical / science degree or equivalent experience in Information Systems required
• 6+ years of IT policy, controls, assessment, GRC, or audit experience required

ESSENTIAL MENTAL & PHYSICAL REQUIREMENTS:

• Ability to travel if required to perform the essential job functions
• Ability to work under stress and meet deadlines
• Ability to operate related equipment to perform the essential job functions
• Ability to read and interpret a document if required to perform the essential job functions
• Ability to lift/move/carry approximately 10 pounds if required to perform the essential job functions. If the employee is unable to lift/move/carry this weight and can be accommodated without causing the department/division an “undue hardship” then the employee must be accommodated; hence omitting lifting/moving/carrying as a physical requirement.

Equal Opportunity/Affirmative Action Employers. All qualified applicants will receive consideration for employment without regard to race, color, religious beliefs, national origin, ancestry, citizenship, sex, gender, sexual orientation, gender identity, marital status, age, physical or mental disability or history of disability, genetic information, status as a protected veteran, disabled veteran, or other protected characteristics as required by federal, state and local laws.