Governance, Risk, and Compliance Manager
Ref No.: 18-07578
Location: Tampa, Florida
The Governance, Risk, and Compliance Manager is responsible for assessing and documenting the company's IT compliance and risk posture as they relate to its information assets. The purpose of this position is to provide highly skilled technical and information security expertise for the development and implementation of the information security risk management and compliance programs. This individual will also be responsible for managing risk, compliance, and the IT relationships with internal and external audit partners.

Leadership
  • Operate with a high degree of independence with regard to audit and project management activities, including development of compliance and audit remediation plans.
  • Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security.
Risk
  • Lead the development and implementation of the system-wide risk management function of the IT department to ensure risks are identified and monitored.
  • Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the company's information and technology systems.

Policy/Compliance
  • Lead the system-wide IT compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations.
  • Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
  • Execute the strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors. SOX experience required.
Outreach/Awareness
  • Interact in both oral and written communications with all levels of staff including management, executives, auditors, accounting, and all IT staff and vendors/contractors, in matters related to IT risk, compliance, and audit requirements and remediation.
Audit
  • Work with Internal and External Audit, and outside consultants as appropriate, on required security assessments and audits.
  • Coordinate and track all information technology and security related audits including scope of audits, timelines, remediation, and outcomes. Work with auditors as appropriate to keep audit focus in scope. Provide guidance, evaluation and advocacy on audit responses.
Problem-Solving Skills
  • Assess computer hardware, software, and systems for security risks or violations and work with IT staff and technology vendors to recommend solutions. Develop strategies to address awareness and training for all stakeholders as well as technical solutions.
  • Assess the status of complex multi-location, international projects, and identify and implement appropriate corrective measures to resolve issues as they arise. Must have a strong customer service orientation and the ability to project that attitude to customers in remote locations.
Contingency planning (Disaster Recovery/Business Continuity)
  • Lead efforts to mature disaster recovery and business continuity functions of business critical systems and underlying infrastructure.
  • Manage and execute annual DR/BCP testing to ensure critical systems and applications can fail over to the secondary data center.
  • Identify gaps in the DR/BCP program and develop a plan to remediate them in alignment with key business processes and needs.
Qualifications
  • Bachelor's degree in information technology or other related field
  • 5 years of advanced skills with information security risk management and compliance practices.
  • Knowledge of information security risk management frameworks
  • Ability to develop security standards and guidelines based on best practices and industry standards
  • 3 years of planning and managing security projects
  • Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
  • Working knowledge of common security standards and SOX requirements.
  • Skills in documenting risk and compliance activities