Position Summary:
The IT Compliance & Application Security Manager is responsible for leading and coordinating IT compliance initiatives, with a strong focus on Sarbanes-Oxley (SOX) and cybersecurity requirements. This role ensures that IT controls are effectively designed, documented, and executed in alignment with regulatory standards and audit expectations.
This position plays a critical role in identifying risks, implementing cybersecurity best practices, and maintaining a robust control environment across both financial and non-financial systems.
Key Responsibilities:
Control Framework Ownership: Develop and maintain application-specific control matrices (e.g., SoD, secure development, identity lifecycle, privileged access). Ensure alignment with frameworks such as COSO, COBIT, and NIST.
Policy Implementation & Oversight: Translate enterprise security policies into actionable control requirements. Ensure consistent implementation across centralized (e.g., SAP GRC) and decentralized platforms.
Partner with internal software development teams to promote secure coding practices and integrate security checkpoints within CI/CD pipelines.
IAM & SoD Governance: Develop governance over identity provisioning, role design, and segregation of duties enforcement. Coordinate exceptions and remediation plans in collaboration with IAM and audit teams.
Metrics & Reporting: Define and report on KPIs/KRIs related to control effectiveness and risk posture. Deliver dashboards and reports to senior leadership and risk committees.
Cross-Functional Collaboration: Partner with application owners, cybersecurity architects, GRC analysts, and vendors to ensure compliance coverage.
Policies, Procedures, and Documentation: Develop and maintain IT compliance policies and procedures. Ensure documentation meets audit standards and reflects current operations.
Education and Training: Develop and train application and system owners on their responsibilities and on self-assessment of security controls.
Technical Skills & Competencies:
IT Controls & Frameworks: Deep knowledge of ITGCs, application controls, and frameworks (COSO, COBIT, NIST). Experience in change management, access management, and system operations.
Audit Methodologies & Standards: Familiarity with PCAOB, ISACA, and other audit standards. Experience working with internal/external auditors (Big Four experience is a plus).
Regulatory & Compliance Knowledge: Strong understanding of SOX (especially Section 404), GDPR, HIPAA, PCI-DSS.
GRC Tools: Proficiency in SAP GRC and other GRC platforms for control monitoring and reporting.
Cybersecurity Fundamentals: Knowledge of ISO 27001, NIST CSF, incident response, and vulnerability management.
Data Analysis & Reporting: Ability to analyze logs, metrics, and audit findings. Proficiency in Excel, Power BI, or similar tools for reporting.
Interpersonal Skills:
Collaboration & Teamwork: Effective cross-functional collaboration.
Communication: Clear articulation of technical concepts to non-technical stakeholders.
Leadership & Influence: Ability to drive compliance initiatives and gain organizational buy-in.
Adaptability: Flexibility in navigating regulatory and technological changes.
Strategic Thinking: Alignment of compliance efforts with business objectives.
Proactive Mindset: Anticipation of risks and continuous improvement.
Qualifications:
- Minimum 5 years of experience in IT compliance, audit, or cybersecurity roles.
- Fluent in English.
- No travel required.
- Courageous
- Trustworthy
- Inclusive & Collaborative
- Business Savvy
- Operational Excellence