IT Compliance Manager
Dallas, TX 75093
The Compliance Manager will demonstrate a unique blend of technical, business development and management skills including strategic thinking, simultaneously planning and implementing projects, and providing leadership and direction to mature the process.
DUTIES AND RESPONSIBILITIES
- Assist leadership to design, develop and oversee procedural controls to monitor compliance risks, including progress tracking of treatment plans to verify successful completion of remediation activities.
- Design and document IT General Controls to ensure the business demonstrates compliance with its obligations under the Sarbanes Oxley Act
- Validate IT key controls to identify control risks, analyze root causes and trends in potential control weaknesses; suggest new controls to meet compliance standards where applicable
- Provide advice and guidance to the business to ensure continued compliance in a dynamic, fast paced environment
- Help prepare for and facilitate assessments and examinations by qualified security assessors, auditors, regulators, and other similar bodies.
- Provide all required supporting audit tasks including but not limited to: audit scheduling, request communications, evidence collection and review, project status tracking, issue tracking, auditor engagement and engaging leadership escalations when appropriate.
- Maintain and present compliance reports and remediation tracking documents to convey and influence compliance status of all relevant compliance programs.
- Assist in the promotion of a compliance culture that encourages an “open door” policy for staff to seek clarification on compliance matters.
- Enable continuous improvements of the GRC function by identifying and communicating enhancement opportunities to department leadership
- Manage and support the performance and development of other team members within the External Compliance unit
COMPETENCIES (KNOWLEDGE / SKILLS or ABILITIES / BEHAVIOR)
- Detailed knowledge of Sarbanes Oxley 404 general computing controls and SSAE18 testing
- Knowledge of PCI standards essential (PCI DSS, PA DSS, PCI PIN, etc.)
- Experience working in card payments environment desired
- Research and proactively communicate new, evolving industry and regulatory requirements with colleagues at all levels of the organization and obtain agreement on practical plans to reach compliance
- Prepare clear, concise and accurate documentation and reports
- Strong communication and presentation skills with an ability to tailor communications to different audiences
- Establish and build effective relationships with internal and external stakeholders worldwide
- Ability to work in a complex and evolving environment
- Demonstrate strong project management and execution skills, including prioritizing tasks, balancing workload, anticipating next steps and adapting to change
- BA/BS in Information Systems or a related technical field; Master’s degree preferred
- Minimum 7+ years’ experience working in an information security, information technology or information risk management related field
- CISA, CISM, CISSP or other relevant qualifications preferred
- Demonstrated experience in implementing compliance frameworks, such as ISO 27001, ISMS implementation, COSO, COBIT, etc., for financial services organization or organizations with similar information security needs and requirements;
- Thorough understanding of industry standards and regulations including PCI DSS, PCI PIN, PA DSS, P2PE, COSO, and SOX
- Familiarity and understanding of broad range of IT hardware and software products
- Willingness to travel domestically and internationally, if required
- Ability to operate within a multi-cultural, multi-time-zone environment
- High ethical standards, operates with integrity and professionalism