IT Risk & Control Manager

Summary

The IT Risk Manager for DX (Digital Transformation) Controls will be responsible for establishing and managing the IT Risk function within the Digital Transformation group. This role will primarily focus on ensuring compliance with SOX requirements, overseeing control testing activities, performing risk assessments, and providing guidance on the design, implementation and execution of controls for systems and business processes. The IT Risk Manager will also be responsible for designing and monitoring IT General Controls (ITGCs) to ensure the overall security and integrity of the organization's IT infrastructure and systems.

Responsibilities

Establish and lead the IT Risk function within the DX department.

Develop and implement IT risk management strategies, policies, and procedures.

Conduct risk assessments to identify potential vulnerabilities and recommend appropriate controls.

Collaborate with business stakeholders to understand system requirements and consult on the design and implementation of controls.

Oversee testing activities to ensure controls are operating effectively and in compliance with SOX requirements.

Monitor and report on the effectiveness of controls, identifying areas for improvement and implementing corrective actions.

Design and implement IT General Controls (ITGCs) to ensure the overall security and integrity of the organization's IT infrastructure and systems.

Manage access controls, including user provisioning, segregation of duties, and privileged access management.

Develop and maintain change management processes to ensure proper control over system changes and enhancements.

Establish and maintain IT governance frameworks to ensure alignment with industry best practices and regulatory requirements.

Assess potential deficiencies including identifying compensating controls and evaluating severity.

Provide guidance and training to staff members on IT risk management principles, ITGCs, and control design.

Collaborate with internal and external auditors during SOX audits and assist in addressing any identified issues.

Foster a culture of risk awareness, compliance, and strong controls accountability within the DX Transformation department.

Additional Responsibilities

Develop and maintain a risk register to track and prioritize IT risks.

Conduct periodic reviews of system configurations and access controls to ensure compliance.

Collaborate with IT and security teams to address any identified vulnerabilities or security incidents.

Assist in the development and implementation of disaster recovery and business continuity plans.

Participate in cross-functional projects to ensure IT risks are adequately addressed.

Serve as one of the company’s subject-matter experts on financial reporting risks and the SOX Compliance program relevant to critical IT systems

Qualifications

Equivalent experience or a Bachelor’s degree in Finance, Business Administration, Accounting, Computer Science, Economics, or related area of study
Certifications such as CISA, CRISC, or CISSP are highly desirable
5+ years experience in IT risk management, IT audit, or related field
Knowledge of SOX Compliance, PCAOB requirements, COSO Framework and US GAAP with strong working knowledge of internal controls
Demonstrated risk management knowledge, including risk assessment, control evaluation and compliance testing
Experience with systems and processes like Salesforce, RevPro, Mulesoft, Modern DevSecOps (Development, Security and Operations) and Quote to Cash (Q2C) business processes is preferred.
Experience with Internal Audit, External Audit, or Risk Assurance at a Big 4 consulting is highly desirable.
Works comfortably in a fast-paced and dynamic environment managing multiple projects with minimal day-to-day supervision with the ability to prioritize and shift focus based on risk/business need
Strong problem-solving skills, investigative, and analytical skills including ability to effectively address deficiencies in collaboration with others
Communicates clearly, concisely, and impactfully to influence others and builds strong and inclusive working relationships, in person and virtually, with business partners and colleagues