ITmPowered Consulting, 720-724-7086

Sr. Technology Controls Integration Lead - ITmPowered

The Sr. Controls Integration Lead will serve as an internal consultant providing technology risk controls integration advisory services enterprise wide, to ensure regulatory and compliance requirements are met during the SDLC of new solutions prior to go live. Work with business units and IT project teams, advising on the implementation of new systems to ensure appropriate processes, procedures, and controls are adequately designed and implemented. Consult on identified issues to ensure remediation for compliance and regulatory objectives (SOX, HIPAA, PCI DSS) before new systems and applications start processing live data. Use strong communication and client service skills (know when and how to put sand on the beach). Advise IT / Business executives and IT project stakeholders / teams on Technology Risk, regulatory matters, security and control requirements.

Essential Functions:

•As early as requirements definition, review plans for applications / enterprise wide systems and execute assessments throughout the phases of the IT software development life cycle (SDLC) to determine whether IT regulatory requirements are being designed, tested and deployed as part of the overall IT program/project.

•Map existing project requirements to regulations / controls. Provide gap analysis and map requirements to align with controls / regulations / frameworks (across application layers, PCI, HIPAA/Omnibus, SOX).

•Perform interviews, document control design assessments, and conduct walkthroughs of key controls (both new and existing). Hold periodic Q&A meetings throughout the SDLC to assess ongoing alignment with those controls.

•Understand the broad regulatory landscape impacting business areas (HIPAA, PCI DSS, SOX) and remain current with emerging regulatory requirements as well as solution trends in the marketplace.

•Build pre-implementation assessments (audits) to verify that controls, processes, procedures, etc. are in place and aligned with the plan, and remediate gaps prior to go live.

•Formulate pragmatic process remediation and implementation strategies, define work tracks, and submit assessment findings and recommendations.

•After go live into production (systems handling live data), produce Corrective Action Plans (CAPs) with a detailed layout of what must be remediated in order to comply with controls, regulations, and frameworks. (Note: the CAP document goes up to all levels of the organization, VP / Exec. Dir. included.)

•Design sustainment strategies and measurement systems to ensure that compliance requirements can continue to be maintained over time.

•Create written deliverables detailing the results of assessment activities and track project/program team efforts to remediate issues.

•Produce, track, and report on controls plans, mappings, gap analyses, IT risk assessments, CAPs, remediation plans / workflows, work papers, artifacts, and associated documentation in the repository.

•Develop and nurture trusted relationships with business partners, IT executives, Security & Compliance Officers and other Compliance Team members to gain consensus approval of strategies, recommendations, findings, and project plans.

•Learn the Enterprise IT program and process management methodology and execute it within the established organizational framework and oversight processes.

Qualifications

•Bachelor's degree in a related field (Master’s preferred)

•10+ years of experience, with 8 years in IT Audit, IT GRC, Technology Risk, or Information Security, assessing new system development projects against regulatory requirements such as HIPAA, SOX and PCI DSS.

•Experience with a Technology Risk Management / IT Audit function in enterprise organizations.

•Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) certification.

•In-depth knowledge of regulatory requirements such as HIPAA, SOX and PCI DSS.

•Understanding of risk and control frameworks such as COBIT, UCF, ITIL, HITRUST and ISO.

•Demonstrated ability to educate business unit executives and IT professionals about technology and IT regulatory requirements, risk remediation and acceptance options in the context of large complex projects.

•Excellent communicator with a strong client relationship focus; able to work with business sponsors, enterprise architects, and information security engineers to articulate the business case and technology options.

•Exceptional advisory and consulting skills on technology risk and control matters.

•Project Management Professional (PMP®) certification from the Project Management Institute is a plus.

ITmPowered, 855-738-0900