Develop, implement, and maintain technology policies and procedures across the entire engineering organization.
Lead the annual information security risk assessment and incorporate the results into GRC program improvements.
Oversee internal technology control testing and gap assessments.
Issues clear and concise reports, using data, technology and visualization tools to communicate results effectively
Identifies root causes and provides management practical value-add solutions and recommendations
Proactively informs senior management of significant risks or exposures related to internal controls, compliance, and governance requiring prompt attention
Partners with SOX control team on implementing and validating technology controls
Tracks exceptions to the governance program and drives remediation planning
Participates as necessary in all regulatory exams and other third-party audits
Prepares and presents reports for Information Security leadership, the CTO, and Executive Management
What we’re looking for.
Experience with building technology and information security control programs
Active CIA, CISA, CRISC, CISM, or CISSP required
Strong technology background highly valued
Superior problem-solving skills with the ability to think strategically and innovatively
Roll-up-the-sleeves work ethic and “do-what-it-takes” attitude to efficiently execute and drive for results in a fast-paced work environment
Excellent written and verbal communication skills
Proven ability to thrive in a results-driven, fast-paced work environment
Exceptional leadership skills; naturally collaborative, excels at influencing without direct authority