Senior Manager IT Compliance

Company: Ekman Associates, Inc
Location: Los Angeles
Posted on: September 25, 2022

Job Description:

Title: Senior Manager, IT ComplianceLocation: Sylmar, CA Ekman Associates is a management consulting firm that specializes in developing business, digital, and technology strategy, delivering solutions, and addressing human resource demands. Summary: The Sr. Manager of IT Compliance is responsible for designing, establishing, monitoring, and testing the IT general security controls associated with Sarbanes Oxley and CMMC Compliance. This role is the primary contact for all IT processes and control-related issues with internal process owners and external auditors. The Sr. Manager is a key member of the IT leadership team who provides guidance to the organization on internal control risks and issues and partners with peers to develop and implement effective mitigation strategies. The Sr. Manager has a strong presence and the business acumen to effectively negotiate control definitions and testing requirements with external auditors and senior management. The Sr. Manager also produces reports and analyses from applications, databases, and transaction logs to support audit testing and any projects for the Corporate Management Audit team. The Sr. Manager of IT Compliance will also assume responsibility for a wide variety of IT-sponsored initiatives and projects. These are related to both internal IT processes and company-wide processes supported by technology. He/she must be hands-on to solve issues or coach others through the problem-solving process. Responsibilities: Define and document the IT general controls for SOX 404 and CMMC compliance. Partner with third-party internal and external auditors to align on the appropriate control set that optimizes the trade-offs between risk and administrative costs. Manage internal testing of the IT general controls for SOX and CMMC, including quarterly access reviews, CAB management, Quarterly Vulnerability reports, and other ongoing security controls. Manage and oversee various CMMC compliance projects with the assistance of a centralized GRC tool Oversee third-party resources supporting the testing of IT security controls. Coach the IT organization to generate an understanding of the context behind internal controls and establish a strong culture of security and compliance. Develop and implement reports, queries and measures utilizing MS SQL, Crystal Reports, and other tools to support audit testing, identify systemic issues and track internal security control compliance. Provide input into the Client's IT policies surrounding identity and access management and other network and data security-related issues or requirements. Participate in business process design to identify potential key control considerations and define the control sets for the processes in question. Partner with the IT managers to ensure defined control practices are embedded in day-to-day operations and result in 100% compliance (strive for zero testing exceptions.) Manage, monitor, and test the IT Change Management control process Analyze project and technology options and formulate compelling recommendations for senior management that optimize the trade-offs between cost and functionality. Direct and oversee projects and project teams to ensure the successful delivery of new security compliance initiatives. Qualifications: BS/BA required in Computer Science, Information Systems or other related major. Masters Degree is a plus. Relevant security or compliance certifications such as CISM, CISA, QSA, CDPSE, CRISC, or CMMC RP desired. Hands-on experience defining IT Security Controls for SOX 404 and CMMC compliance. Hands-one experience with GRC tools Minimum of eight to ten years of professional experience and at least five years of significant hands-on experience dealing with IT security-related controls and compliance. Proven track record of effectively partnering with external auditors and in-house controllership on the definition and testing requirements for key IT security controls. Direct experience in the audit testing and documentation requirements surrounding IT Security Controls. Must have a strong knowledge of security controls related to, Virtual Desktop Environment (Azure), Authentication and Authorization, Vulnerability Management, Incident Response, Windows Server, SQL Server, JD Edwards, Hyperion Financial Management, Cisco Networking, Palo Alto firewalls. Active Directory, Citrix Xen Desktop, Excellent verbal and written communications skills - a skilled business professional who communicates effectively with all levels of end-users and management. Ability to quickly learn and adapt to new technologies. Experience and demonstrated ability with sound business decision-making practices. Ability to work on major projects and manage multiple priorities with minimum supervision is a must. The following skills/experiences are pluses: Windows Active Directory Azure Secure Environment Rapid 7 (IDR) Windows Server 2012 & 2016 SQL Server 2012 & 2016 Sophos Security Suite Cisco Networking, IPSec VPN, Cisco SSLVPN, Citrix Xen, DMZ, ESET, VPN Tunnels Firewalls GRC tools Qualified Candidates Only:If you wish to learn more about this opportunity and additional qualifications/responsibilities, please submit your resume. To learn more about Ekman Associates, Inc. please visit our website at www.ekmanassociates.com

Keywords: Ekman Associates, Inc, Los Angeles , Senior Manager IT Compliance, IT / Software / Systems , Los Angeles, California