Manager, IT Compliance

Date: Apr 21, 2025

Location: North York, ON, CA, M9L 1N7

Company: Apotex

 

About Apotex Inc.

Apotex Inc. is a Canadian-based global health company that produces high-quality, affordable medicines for patients around the world. Apotex employs almost 7,200 people worldwide in manufacturing, R&D, and commercial operations. Apotex medicines are accessible to patients in more than 75 countries globally. Through vertical integration, the Apotex group is focused on the development and sale of generic, biosimilar and specialty products.
For more information visit: www.apotex.com.

Job Summary

Accountable for the overall IT Risk and Controls program for GIS, reporting to the Sr Director, Information of Security.

Job Responsibilities

  • Establish, manage, and maintain the ITGC program, including ongoing oversight, program management, GIS support (e.g., training, updates) and execution of ITGC testing in support of the ICFR Program. Conduct regular assessments of IT systems, processes and IT projects (PMO), and identify procedures and controls to mitigate compliance risks.
  • Document ITGC processes and controls, conduct periodic testing, co-ordinate with management the remediation of any issues related to the design, implementation and operation of controls, and conduct training as required.
  • Ongoing co-ordination with Finance for the review and update of the program in line with financial reporting regulatory requirements and business needs. 
  • Assist with SOC report reviews as part of both the standard compliance processes as well as Third Party Risk Management processes.
  • Act as central point of contact for external auditors’ annual assessment of ITGC and other regulatory agencies and co-ordinate internal resources to support external audit: schedule and attend meetings between management & external audit, manage issues and requests, track and report on status of work and identified issues.
  • Act as a central point of contact for internal auditor’s audit plan and execution.
  • Provide reporting on ITGC-ICFR program and other regulatory controls (FDA, Health Canada) results from:
    • Self-assessment – testing and remediation of deficiencies
    • Internal Audits – testing and remediation, audit findings closure
    • External Audit – testing and remediation, closure of deficiencies
  • IT Risk & Controls: Establish, manage and maintain the program for IT Risks: IMMMR (risk identification, risk measurement (assessment), risk management (documentation of controls), risk monitoring & reporting). Ongoing review and update of the program in line with industry standards and business requirements. Conduct training as required. Ongoing co-ordination with ERM on risk framework and reporting.
  • IT Audit: Liaison with internal audit; co-ordination of audit engagements and review of identified issues and risk remediation plans, ensure tracking of remediation of identified audit issues in line with commitments.
  • Other responsibilities as assigned.

Job Requirements

  • Education:
    • Bachelor’s degree in Information Systems, Business or equivalent
    • CISA or CRISC certification or equivalent business experience.
    • CISSP and/or CISM are an asset.
  • Experience:
    • Minimum 10 years of IT risk and controls experience, with 5 years at a manager level
    • Experience in managing and executing SOX, ITGC and ICFR programs, including developing test programs for the design, implementation and operation of controls, assessing issues, and assisting management with the remediation of ITGC.
    • Experience in IT Risk management, including identification and assessment of risk and vulnerabilities.
    • Experience in conducting IT Audits, including risk assessment, scoping, designing and audit engagement execution, and reporting within an SAP environment.
      • Project management; managing multiple priorities to meet specific deadlines
      • Oral and written communication skills, in particular communicating complex technology and cyber risk for a non-technical audience.
      • Presentation skills – preparation of materials and oral communication.
      • Relationship management
    • Experience with GMP, FDA, Health Canada, NIST, CIS, ISO27001/2 standards is an asset.

At Apotex, we are committed to fostering an inclusive, accessible work environment, where all employees feel valued, respected and supported.

Apotex offers accommodation for applicants with disabilities as part of its recruitment process. If you are contacted to arrange for an interview or testing, please advise us if you require an accommodation.