Are you passionate about making a difference in people's lives? Do you enjoy working in a service-oriented industry? If so, this opportunity may be the right fit for you!
The Compliance Manger, IT Governance, Risk, & Compliance will be responsible to ensure compliance with legal and regulatory requirements, including but not limited to Sarbanes-Oxley, HITRUST, and HIPAA.
This position will be responsible to document processes and gather evidence to support the accurate and timely execution of IT General Controls for all technology related functions.
This includes managing timelines for the completion of audit activities and the related remediation utilizing POAM’s. Ability to organize, manage and follow up on a large scale of assigned activities across multiple teams.
This role will require effective communication across the organization, and required collaboration with leadership and staff in the compliance, audit and IT organizations.
This role...
Audits
IT Control Execution
Creation, implementation and management of desktop policies, processes, and procedures to support internal and external audit control testing, including but not limited to;
HIPAA, SOX, HITRUST, ISO 27000.
Design and document internal control processes
Gather evidence related to IT General Controls
Analyze and improve processes related to ITGC testing to implement, measure and enforce IT Policy
Customer Audits Ensures all customer compliance commitments are met at all times
IT GRC System Design, implement, and optimize the system to monitor, assign and gather evidence for IT control execution
Provide reporting on control compliance to align with audit deadlines
Coordinate with other departmental managers to execute controls and review audit related findings
Internal Audit PBC - Responsible for all IT aspect of data collection for internal audit's PBCs, working with internal teams to produce accurate data, and assuring a full and comprehensive PBC
IT Control Testing & Control Health Responsible for the timely completion of IT controls on pre-defined intervals (including ad hoc, daily, weekly, monthly, quarterly, and yearly), ensures the health of all IT controls, and manages corrective action plans needed to address any control gaps, weaknesses, or failures
Customer Audits - Ensures all customer compliance commitments are met at all times, and supports all interactions with customer audits of our Program
Industry Audits - Supports all SOC 2, HITRUST, ISO 27000, etc. engagements & audits
Training Conduct training and knowledge transfer on the execution of audit related control execution for end users and management
Compliance
Regulatory Compliance - Responsible to lead team to gather evidence of the timely and accurate completion of controls for HIPAA, SOX, & ISO 27000 compliance.
Remediation Document, track and validate completion of remediation activities driven from findings and documented opportunities for improvement
Customer Compliance - Tracks key customer compliance requirements & performs customer compliance activities, such as periodically updating specific customers on specific security and compliance program performance items per a given customer's request, to ensure always-on compliance with our customer requirements
IT General Controls Document process and procedure to ensure consistent timely completion of all control activities
Governance
Policy Development Assess and maintain Security Policy to align with a globally-accepted best practice framework, such as NIST 800-53 or ISO 27000
Training Ensures IT staff are adequately trained to understand the risks & controls for which they are responsible
Reporting Periodically reports metrics related to IT compliance management activities
OKRs & KPIs Develops, monitors, regularly reports, and ensures adherence to OKRs & KPIs for IT risk management
Risk Management
Vulnerability Management Documents and enhances processes to identify, prioritize, and validate completion of remediation activities related to vulnerabilities
Patching Documents and enhances processes to prioritize, remediate and validate patches for operating systems, applications, and hardware in the enterprise
Risk Management - Assist in the development & management of all IT POAMs
3rd Party Assessment Program Documents and enhances processes to assess Third Party vendors for risk, security posture, and alignment with IT Security Policies
Security Awareness Measure and quantify risk to prioritize security awareness communications and training
Leadership
Select, hire, and train Compliance Analysts
Coordinate daily, weekly, monthly activities to optimize resources
Drive accountability for completion of tasks on a timely basis
Provide feedback and career growth opportunities for members of the team
We are interested in speaking with individuals with the following...
Bachelor's Degree required in Information Technology, Computer Science, Business Administration, or related field preferred.
Seven (7) plus years experience in IT audit, risk management, and information security.
Certified Information Systems Auditor ( CISA ) required.
Certified Information Security Manager ( CISM ) or Certified Information Systems Security Professional ( CISSP ) preferred.
Ability to develop and maintain effective working relationships with executive management and external regulators / External Auditors.
Advanced knowledge and experience in Data Analytics, Cybersecurity, AI, BlockChain, Cloud, Enterprise Technologies, etc.
Experience managing teams of skilled professionals - ability to recruit and maintain a high-performing team.
Excellent communication (verbal, written, and listening) and interpersonal skills; strong writing skills, particularly as related to audit reports and management presentations.
Strong understanding of database management systems and related controls.
Strong project management, organizational skills, and presentation skills.
Ability to build relationships and foster a cooperative work environment with a wide range of constituencies in a diverse community.
Ability to build consensus and to work through others in achieving desired results and objectives.
Strong analytical skills with excellent problem-solving abilities with ability and judgment to ask tough questions of technical and non-technical people.
Demonstrate ability to influence and motivate interdisciplinary teams.
Demonstrate high ethics and integrity.
Advanced interpersonal skills to deal effectively with complex and / or sensitive issues with a wide variety of influential internal and external parties.
Skilled at cross cultural communications and management.
Extensive knowledge in managing technology audits, IT general controls, and pre- and post-implementation testing is a plus.
Extensive knowledge in public accounting, IT Auditing, cybersecurity, and Data Analytics is a plus.
Salary : $92,500.00 - 124,900.00
Bonus eligible based on individual and company performance.
Modivcare’s positions are posted and open for applications for a minimum of 5 days. Positions may be posted for a maximum of 45 days dependent on the type of role, the number of roles, and the number of applications received.
We encourage our prospective candidates to submit their application(s) expediently so as not to miss out on our opportunities.
We frequently post new opportunities and encourage prospective candidates to check back often for new postings.
We value our team members and realize the importance of benefits for you and your family.
Modivcare offers a comprehensive benefits package to include the following :
- Medical, Dental, and Vision insurance
- Employer Paid Basic Life Insurance and AD&D
- Voluntary Life Insurance (Employee / Spouse / Child)
- Health Care and Dependent Care Flexible Spending Accounts
- Pre-Tax and Post Tax Commuter and Parking Benefits
- 401(k) Retirement Savings Plan with Company Match
- Paid Time Off
- Paid Parental Leave
- Short-Term and Long-Term Disability
- Tuition Reimbursement
- Employee Discounts (retail, hotel, food, restaurants, car rental and much more!)