search
Home > Northern Virginia jobs > Northern Virginia management/professional

Posted: Saturday, February 3, 2018 10:29 PM

POSITION PROFILE
This position is responsible for overseeing the IT Governance structure and facilitating with Audit, Compliance and Risk areas. Provides direction and support for compliance-related programs and initiatives within the Organization. This role interfaces with process owners in assigned areas to understand goals and objectives, develops plans to support those goals, and manages project activities. May also audit controls in assigned areas in support of governance programs including but not limited to IT SOX404, SSAE 16, ISMS.
JOB DUTIES AND RESPONSIBILITIES
* Provides centralized oversight to deliver consistency and quality in compliance work across the organization, including all IT functions and capabilities.
* Develops, implements and communicates governance and compliance objectives to ensure an appropriate compliance and risk aware culture.
* Involved in developing, modifying and executing company policies that affect immediate operations and may also have company-wide effect.
* Supports the evaluation of program resources and assists in the procurement of tools, internal resources and/or external resources, as applicable, to ensure proper execution of the compliance program.
* Evaluates general and specific training needs and perform such to support the control environment and associated control framework.
Interacts with various business groups to understand how they use IT systems to assess whether systems should be included within the scope of the various compliance areas (SOX, HIPAA, PCI, etc.).
* Identifies gaps in the design and operating effectiveness of controls, and identify opportunities for more efficient and effective controls.
* Monitors and analyzes technology risk trends and recommends appropriate IT policies, procedures and practices to strengthen internal operations.
* Educates IT and business leaders on appropriate mitigation strategies and approaches.
* Possesses detailed knowledge of industry regulatory environment and risk management practices, and a thorough understanding of local and federal regulations such as Sarbanes-Oxley, ISO27001, SSAE 16and HIPAA.
* Responsible for the implementation and integration of risk management procedures across the organization, based on an understanding of key services that must be maintained.
* Ensures monitoring and testing of business continuance procedures and response to system failures.
* Assist with the development and implementation of metrics to assess or assure compliance activities of the enterprise.
* Participate data breach reporting, events remediation, and mitigation.
* Proactively builds processes to minimize / eliminate downtime.
* Consults with appropriate business and IT leaders regarding the evaluation and selection of vendors to ensure service level agreements meet business continuance and disaster recovery planning requirements.
* Performs other duties as assigned.
QUALIFICATIONS (Education, Experience and Certifications)
Typically Required:
* Bachelor's degree in Computer Science, Information Systems, Business Administration or other related field, or equivalent work experience required.
* CISA (Certified Information System Auditor) certification preferred.
* CGEIT (Certified in the Governance of Enterprise Information Technology) certification preferred.
* CRISC (Certified in Risk and Information System Controls) certification preferred.
* Minimum 7-10 years of IT and business work experience, including risk management, compliance, audit, and/or information security management.
Ricoh is an EEO/Affirmative Action Employer -- M/F/Disability/Veteran
Associated topics: artillery, geospatial intelligence, military, military intelligence, nato secret, security terrorism, signals intelligence, sme, ts sci, uav

Source: http://www.jobs2careers.com/click.php?id=4721675748.96


• Location: Northern Virginia, Sterling

• Post ID: 45381402 nova
nova.backpage.com is an interactive computer service that enables access by multiple users and should not be treated as the publisher or speaker of any information provided by another information content provider. © 2018 backpage.com