Associate Principal, IT Governance
Summary:
This role will be responsible for the development, implementation and oversight of programs within IT. Ensures the overall effectiveness and adherence to the governance framework and ongoing evaluation of IT’s internal control environment. A member of a high performing team responsible for risk and control self-assessments, identifying control failures, facilitating risk, compliance remediation, and monitoring the first line of defense in an effort to minimize risk exposures and strengthen IT’s overall control environment. The ability to build and maintain working relationships with both business and technology teams and second- and third-line partners will be critical to success, as will having a compliance and continuous improvement mindset.
Essential Duties and Responsibilities:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.
• Provide expertise in the design, development, and implementation into IT’s system of internal controls which includes policies, procedures, and controls of IT processes.
• Assist in conducting process gap analyses of controls to key regulations, mapping to industry standards and develop continuous compliance monitoring in order to provide assurance that IT processes are operating according to the principles embedded in relevant industry standards (COBIT).
• Build relationships and practice effective collaboration with stakeholders across partner teams in understanding the impact of changes to the IT environment and processes. Point of contact for IT process improvements, relevant regulatory authorities, Compliance, Enterprise Risk Management and Internal Audit teams addressing concerns and removing roadblocks to drive forward.
• Partner with Business Process Reengineering team, product teams and process owners to support IT process improvement/reengineering efforts based on recommended solutions. Support the implementation, operation, and continuous process improvement of IT’s governance structure that organizes, formalizes, and regulates changes to the IT environment.
• Maintain an awareness of emerging IT GRC best practices to support the department’s goals and strategic direction.
• Analyze processes; identify alternative solutions, and recommends new approaches, seeking to exploit automation and drive technology requirements
• Effectively collaborate with stakeholders in the design, development and implementation of key performance indicators (KPIs) and dashboards to monitor, maintain accurate and timely visibility into the status of the IT processes, remediation, and compliance efforts. Provide transparency of performance to the IT environment.
• Advise process owners on identified issues, support for regulatory exams, audit engagements and inquiries, review materials for examinations and monitor the resolution of regulatory examination and internal audit findings.
• Assist in remediation planning and tracking of remediation efforts with stakeholders
• Perform other duties as assigned.
Supervisory Responsibilities:
• This role does not have direct reports but may provide supervision to multiple cross-organizational teams within IT.
Qualifications:
The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
• Broad range of knowledge and experience with IT processes and operating in a highly cross-functional environment.
• Demonstrated exposure to process improvement initiatives
• Knowledge and experience with IT audits and exams.
• Working knowledge and experience of IT control frameworks and industry standards such as COBIT, NIST Cybersecurity Framework (CSF), or similar industry-accepted standards and the principles embedded within them.
• Demonstrated ability to develop policies and supporting documentation for programs
• Have strong analytical, problem solving, and collaborative skills with the ability to exercise mature and timely judgment and decision-making.
• Deep understanding of the technical domains and processes and good understanding of legal/regulatory requirements.
• Experience working with Agile methods.
• Ability to manage multiple priorities and to effectively adapt to rapid changing needs with demonstrated ability to prioritize projects and workload. Ability to manage across multiple competing priorities and time-sensitive initiatives.
• Excellent Interpersonal skills, verbal & written
• Experience with Business Process Modeling (BPM) a plus
• Knowledge and experience with Cloud migration a plus
Technical Skills:
• Excellent MS Office Suite skills (Word, PowerPoint, etc.)
• JIRA/ Confluence experience a plus
• Performance measurement tools such as Tableau and other similar tools a plus
• Integrated GRC management solutions such as Archer a plus
Education and/or Experience:
• Bachelor’s Degree in Information Systems, Business Management or related field
• Minimum of 7 years of relevant work experience
Certificates or Licenses:
None required but preferred certificates include any of the following:
• Control Evaluation / Auditing / Examination: CIA, CISA, CFSA, CFE
• Risk Management: CRMA, CRISC
• Governance of Enterprise IT / InfoSec: CGEIT, CISM, CISSP
• Product/Project Management Framework: Agile/Scrum
• Process Management: Lean, Six Sigma, ITIL