Job Description
IT GRC MANAGER
Tampa, FL - Must be local / Open to relocation
6+ month C2H
REQUIRED SKILLS
Key Responsibilities:
IT Risk Assessments:
• Conduct comprehensive IT risk assessments, including identifying and analyzing potential threats and vulnerabilities across applications, infrastructure, and data.
• Develop and maintain risk registers, documenting identified risks, their potential impact, and mitigation strategies.
• Collaborate with IT and business stakeholders to prioritize and remediate identified risks.
• Assess the impact of IT changes on policies, risks, controls, and governance processes (including but not limited to disaster recovery and the Risk and Control Matrix (RCM))
SOX Compliance:
• Maintain and update the Risk and Control Matrix.
• Evaluate the design and monitor the execution of management's SOX controls.
• Participate in business process walkthroughs to identify application controls, reports, and ITGC dependencies/risks.
• Review SOC reports and map control deficiencies to relevant IT risks.
• Ensure that operating evidence for all IT controls is maintained in a timely manner and with appropriate detail; own the development, reporting, and completion of control remediation plans
• Train and educate IT teams and control owners on the effective operation of controls
Application and Data Transfer Controls, Report (IPE) Validation:
• Identify the application controls, interfaces/batch jobs and reports key to supporting SOX business processes
• Evaluate the design and effectiveness of application controls.
• Evaluate the design and effectiveness of controls intended to mitigate data transfer errors/incompleteness
• Evaluate the design (completeness and accuracy) of reports used for key controls
Third-Party Risk Management:
• Develop and implement a third-party risk management program.
• Monitor and manage risks associated with third-party relationships.
Disaster Recovery:
• Develop, maintain, and test the IT disaster recovery plan, including supporting audits and third-party requests for understanding and evidence
Cyber Security:
• Perform cyber security posture evaluations
• Design and execute strategies to evaluate the ICFR impact of cyber security incidents
• Draft the appropriate disclosures regarding cyber security posture and cyber incidents and response as necessary
Ongoing Regulatory Compliance:
• Ensure compliance with relevant regulations and industry standards (e.g., SOX, NIST).
• Assist with internal and external audits.
• Develop and deliver GRC training to IT and business stakeholders.
Skills/Qualifications:
• Advanced knowledge of SOX controls and compliance; experience implementing or improving SOX programs
• Strong drive and organizational skills inclusive of project and program management
• Ability to proactively and productively manage diverse stakeholder groups
• Excellent accounting and analytical skills
• Technical expertise in ERP system design and operation
• In-depth knowledge of IT governance frameworks (e.g., COBIT, ITIL) and risk management methodologies
• Excellent interpersonal and communication skills, verbal and written
• Strong understanding of SOX requirements and IT general controls (ITGCs).
• Ability to analyze and solve problems; results oriented
• Able to prioritize work and determine when it is necessary to switch priorities
• Experience with SAP preferred
Education and Experience:
• Undergraduate degree in Accounting, Information Technology, Computer Science or related technical degree required
• Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC) designation required (two or more preferred)
• 5+ years of relevant work experience in public accounting or 8+ years in industry required
• 3+ years working with SOX in the IT domain with or for a company listed on a US market required