Client is looking for an IT Controls Lead that will assist the leader of the Privacy, Risk and Governance function in establishing client's overall IT Controls program, which is designed to ensure that the company's systems and information assets are adequately protected.
The IT Controls Lead is a dynamic business and technology professional who will provide leadership, direction and execution for a comprehensive governance program. The IT Controls Lead sets and delivers his/her strategy as a foundation enabling the company to deliver its commitments while protecting the security and integrity of important data, intellectual property, personal data and the company's overall brand in the marketplace. This leader will bring hands-on and strategic thought leadership regarding security assurance, cyber risk and methods to maintain our strong heritage of compliance.
The IT Controls Lead works proactively with the Risk Management Lead, Governance and Controls Lead, as well as various business units and other internal departments and organizations to implement practices that meet client's defined policies and standards for information risk management.
An effective controls program requires a comprehensive and performance-based approach that aligns levels of protection with business needs. For this reason, the IT Controls Lead must be much more than simply a technology and controls expert; he/she must also possess significant management, communications and leadership skills along with extensive business knowledge.
location: Cambridge, Massachusetts
job type: Contract
work hours: 8am to 4pm
- Develop and execute an enterprise-wide governance strategy and roadmap that mitigates cyber and regulatory compliance risk through the right balance of controls, employee training, monitoring and testing
- Build out and maintain current governance tools and processes within information security in ServiceNow GRC to provide visibility and transparency
- Advance ServiceNow GRC maturity and use against defined goals
- Facilitate documentation and maintenance of IT security controls and relevant processes
- Directly responsible for enhancing governance framework of IT security policies, procedures and controls to assure compliance with applicable regulatory, legal and audit requirements as well as good business practices
- Collaborate with IT leadership, control owners and business partners to ensure effective internal cyber security controls are implemented and maintained.
- Lead effective organizational change management initiative to introduce new controls and processes to the organization, including training and awareness as appropriate
- Develop and maintain collaborative relationships with IT business partners, IT leadership and Internal Audit stakeholders
- Support Compliance - participate in the development, implementation and ongoing compliance monitoring for the programs and regulations with which client is obligated to comply; examples include SOX, Privacy (GDPR, CCPA), GxP
- Provide training, lessons learned, and best practices guidance to IT leadership and IT personnel to improve IT governance, security and controls posture
- Help Risk Management Lead build a process and culture of proactive risk identification by monitoring the IT control environment for changes and emerging risks, to inform business unit and functional group leadership of the top security/compliance risks, overall security health of their organizations and advise on risk treatment
- Promote an approved and evangelized governance, risk and compliance strategy and plan that supports the achievement of the global Information Security strategy
- Define program metrics driving awareness of progress to targets
- Experience level: Experienced
- Minimum 8 years of experience
- Education: Bachelors
- IT Privacy Governance Risk
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.