Governance, Risk and Compliance Manager in Naperville, IL at WOW!

Date Posted: 7/26/2018

Job Description

Summary:


 The GRC Manager will work closely with all OSS Staff to assess and reduce information security risk, inform on risk, and ensure compliance with established institution regulations. This role is responsible for oversight and coordination of the Governance, Risk and Compliance program within the Cybersecurity team. Key responsibilities will include execution of IT audit projects with focus on information security and privacy, data integrity and reviews of infrastructure, applications, general controls, system development and implementation projects. Additional responsibilities include providing high-level oversight of SOX, HIPAA, PCI and SOC 2 compliance activities and interaction with external auditors.


Duties & Responsibilities:


 Essential duties and responsibilities include but are not limited to those listed below:


 Directly responsible for procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices



  • Establish and oversee formal risk analysis and self-assessments program for various Information Services systems and processes

  • Help ensure compliance with all privacy regulations (Federal and State) along with PCI, HIPAA, SOX, etc

  • Liaise with Internal Audit, Corporate Compliance, and Legal to remediate new and outstanding issues; track security-related issues in a GRC system

  • Oversee WOW!'s security policies, standards, guidelines and baselines. Ensure policies are reviewed and updated per policy

  • Promote and monitor the corporate Cybersecurity Awareness and Training Program

  • Develop, promote and monitor the Records Retention program. Work with business units to ensure data is properly classified

  • Maintain expertise on security trends through training, research and development in order to mitigate potential security exposures

  • Manage, coach, lead and develop a small staff of GRC personnel

  • Assist in performing overall risk assessment and identify areas to perform operational audits from an IT perspective

  • Coordinate security and privacy audits to complement the efforts of the Information Security department

  • Conduct planning activities, develop audit programs, conduct fieldwork and quality assurance, monitor audit progress, prepare audit reports and present findings and recommendations to senior management

  • Monitor and review new system developments, applications, and migrations

  • Maintain up-to-date knowledge of company IT infrastructure and applications, and IT security standards including PCI and HIPAA

  • Maintain periodic meetings with owners and peers to ensure proper risks and controls are met and mitigated during implementations or internal projects

  • Develop and maintain productive client, staff, and management relationships through individual contacts and group meetings

  • Lead other audit team members in their responsibilities to ensure quality of work and compliance with internal audit standards

  • Provide high-level oversight of the SOX IT General Controls testing program

  • Other duties as assigned


Requirements:

 To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.


 -Education:


 Bachelor's degree, preferably with a major in MIS, Computer Science and/or Accounting


  -Experience/Skills Needed: 



  • 7+ years' experience in an IT audit capacity with focus on information security and privacy

  • Ability to adapt quickly to changes within the enterprise and technological landscape

  • Experience in large complex MSO organizations, video and cable industry experience a plus

  • Experience in ITIL, NIST, ISO and other infrastructure related frameworks

  • CISM, CISA, CRISC, CISSP or other applicable Certification, a plus

  • Ability to work independently with or without direction and/or supervision

  • Ability to prioritize and multitask. Flexibility and adaptability in work approach

  • Calmness and clarity of thought under pressure and ability to maintain confidentiality

  • Strong written and verbal communication skills

  • Demonstrated leader with team-oriented interpersonal skills; ability to effectively interface with a broad range of people and roles

  • Experience with development frameworks as well as data and integration technologies

  • Experience in establishing and documenting standards, guidelines, and best practices

  • Experience working with workflow, publishing, analytics, portal, mobile, cloud computing, big data and other leading edge technologies

  • Strong analytic and problem solving skills

  • Experience in conducting/leading penetration testing and other similar technical audits

  • Thorough understanding of CoBIT/ITIL, COSO, and financial and operational audit concepts

  • Demonstrated ability to leverage General IT auditing experience into effective auditing for a broad range of information system platforms

  • Excellent project management, communication and analytical skills

  • CISSP, CISM or CISA certifications are highly preferred

  • 5 years or more of progressive cybersecurity work experience

  • Knowledgeable of governance, risk and compliance systems and how to design a GRC framework

  • Ability to work independently and within a culturally diverse team environment

  • Ability to recommend security architectures and components accomplishing long range objectives while simultaneously balancing functional requirements and budget constraints

  • Ability to establish relationships with business, IT leaders and technology subject matter experts with effective verbal and written communication skills appropriate for both technical and non-technical audiences 


-Computer Skills: 



  • Proficient with Microsoft Office, Visio, Excel and Project 


-Physical Demands/Working Conditions: 


The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. 



  • regularly required to talk and hear

  • required to use hands to type, handle objects and paperwork

  • required to reach and hold on to items at chest level or reach above the shoulder

  • required to use close vision and be able to focus

  • some travel may be required 


WOW! is an Equal Opportunity Employer/Minorities/Women/Protected Veterans/Disabled/Sexual Orientation/Gender Identity employer