Creative Financial Staffing


Creative Financial Staffing, Madison, Wisconsin, United States, 53711


IT GRC Manager

To be considered for an interview, please make sure your application is fully in line with the job specifications found below.

Position Overview:

We are looking for a proactive and experienced IT Governance, Risk, and Compliance (GRC) Manager to become a key member of our team. In this position, you will oversee and enhance the organization's IT GRC program, with an emphasis on SOX compliance, application and data transfer controls, the accuracy and completeness of reports, third-party risk management, and disaster recovery processes.

Key Responsibilities:

IT Risk Assessments:

Perform thorough IT risk assessments, identifying and analyzing potential risks and vulnerabilities in applications, infrastructure, and data.

Develop and update risk registers, documenting risks, their potential consequences, and proposed mitigation measures.

Work closely with IT and business teams to prioritize and address identified risks.

Evaluate the effects of IT changes on policies, risks, controls, and governance processes (including but not limited to disaster recovery and RCM).

SOX Compliance:

Oversee and regularly update the Risk and Control Matrix.

Review and monitor the effectiveness of management's SOX controls.

Participate in business process walkthroughs to identify application controls, report dependencies, and ITGC risks.

Assess SOC reports and map control weaknesses to relevant IT risks.

Ensure timely maintenance of evidence supporting the operation of IT controls; take ownership of developing, reporting, and completing control remediation plans.

Provide training to IT teams and control owners on best practices for maintaining effective controls.

Application and Data Transfer Controls, Report (IPE) Validation:

Identify key application controls, interfaces, batch jobs, and reports critical to SOX compliance.

Evaluate the design and effectiveness of application controls.

Assess the effectiveness of controls designed to prevent data transfer errors or omissions.

Evaluate the accuracy and completeness of reports used for key controls.

Third-Party Risk Management:

Create and implement a comprehensive third-party risk management program.

Continuously assess and manage risks associated with third-party partnerships.

Disaster Recovery:

Develop, maintain, and conduct regular tests of the IT disaster recovery plan, including managing audits and third-party requests for understanding and evidence.

Cybersecurity:

Perform assessments of the organization's cybersecurity posture.

Design and execute strategies to evaluate the impact of cybersecurity incidents on ICFR (Internal Control over Financial Reporting).

Draft necessary disclosures regarding cybersecurity status and incidents, as well as responses as required.

Ongoing Regulatory Compliance:

Ensure adherence to applicable regulations and industry standards (e.g., SOX, NIST).

Support internal and external audit processes.

Develop and conduct GRC training sessions for both IT and business stakeholders.

Skills and Qualifications:

Extensive knowledge of SOX controls and compliance, with experience in the implementation and enhancement of SOX programs.

Strong organizational skills, including experience in managing projects and programs effectively.

Ability to manage and collaborate with diverse stakeholder groups in a proactive and productive manner.

Excellent accounting and analytical abilities.

Expertise in ERP system design and operation.

In-depth understanding of IT governance frameworks (e.g., COBIT, ITIL) and risk management practices.

Exceptional interpersonal and communication skills, both written and verbal.

Strong grasp of SOX requirements and IT general controls (ITGCs).

Problem-solving abilities with a results-driven mindset.

Capable of managing and shifting priorities as needed.

Experience with SAP is preferred.

Education and Experience:

Bachelor's degree in Accounting, Information Technology, Computer Science, or a related technical field.

Relevant certifications such as Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC) are required (two or more certifications preferred).

A minimum of 5 years of relevant experience in public accounting or 8+ years in industry.

At least 3 years of experience working with SOX in the IT domain within a US-listed company is required.