Manager - IT Risk and Internal Controls

Position Summary

The IT Risk and Internal Controls Manager will work with Global IT Leadership to ensure strong internal controls are appropriately designed and operating effectively to mitigate operational, financial and regulatory risks. This position will ensure risks are identified and internal controls are designed/implemented as part of  the global Systems Development Life Cycle (SDLC) and the annual IT strategic planning process. In addition, this position will liaison with key Business Partners and internal/external auditors on all matters relating to IT risk and controls. This position can work out of our Wayne, PA or Morrisville, NC office. 

Principal Responsibilities

•    Complete annual technology risk assessments in support of financial and resource planning.
•    Manage the execution and documentation review of IT General Controls supporting key financial systems (i.e. SOX) applications and infrastructure.
•    Lead the remediation program to achieve and maintain ISO/27001 certification.
•    Manage processes to maintain Payment Card Industry (PCI) compliance.
•    Executive reporting and communications relative to IT and Cybersecurity risks and controls. 
•    Manage third-party inquiries relating internal controls and security.
•    Provide recommendations on policy and procedure enhancements.
•    Assist in managing security incident response program.
•    Coordinate and oversee all IT internal and external audit activities.
 

Education / Experience Requirements

•    A bachelor’s degree is required with an emphasis in management information systems, IT risk or related field.
•    Five - seven years of IT risk and controls experience with a similar position in a multinational, SEC-registered company or delivering similar services via a professional services firm.
•    Credentials including Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) and Certified Internal Auditor (CIA) preferred.
 

Specialized Skills / Other Requirements

•    Knowledge and deep experience in Sarbanes-Oxley Act of 2002 (SOX) control requirements, ISO/27001, National Institute of Standards and Technology (NIST),  and Payment Card Industry (PCI) frameworks and regulations.
•    Experience in developing and executing IT risk assessments aligned to industry standards such as NIST and ISO/27001.
•    Intermediate to advanced background in SAP internal controls and GRC platforms.
•    Experience in executing and evaluating service auditor reports (ex. SOC1/SOC2).
•    Ability to effectively lead projects while executing detailed tasks.
•    Strong time and document management skills with a attention to detail.
•    Strong communication skills in presenting IT internal controls and risk matters in a consumable manner across various forums and levels of the organization.
•    Ability to work independently in developing methodologies, programs, work plans and communications relating to IT risk and compliance.
•    Willing and able to travel (up to 25%), including internationally.
•    Ability to maintain a flexible work schedule (able to meet the requirements of the position as needed including ability to work evenings and weekends when necessary).