Crownpeak is looking for a Director of Internal Audit and Compliance. Reporting to the Chief Technology Officer (CTO) as part of the Office of the CTO, the Director of Internal Audit and Compliance serves as the focal point for Crownpeak’s program of governance and compliance. In this capacity, the Director of Internal Audit and Compliance is responsible for assessing (and enforcing, where appropriate) the Company’s suite of operational controls, procedures and processes to ensure adherence to all applicable legal, regulatory and corporate standards.
• Serve as subject matter expert for major compliance and governance programs
• Coordinate with the Chief Technology Officer, Chief Privacy Officer and Head of Information Security to ensure a coherent, comprehensive approach to governance and compliance
• Manage internal and external audit and certification programs to ensure continued compliance with all applicable policy, procedure and regulation
• Identify material compliance exceptions (both actual and potential) to senior management
• Prescribe and implement appropriate process adjustments to improve compliance position. Recommend internal control improvements, including operational improvements.
• Build key internal partnerships to assist management in adopting internal controls. Partner with different business owners on implementation of, and compliance with, various controls
• Conduct periodic risk management review and maintain formal risk register
• Other internal responsibilities:
o Adheres to all company policies and procedures including, but not limited to, those identified within the Standards of Business Conduct and the Employee Handbook, as may be amended from time to time. Adheres to all applicable laws and regulations and the company's governance/compliance program.
o Responsible for reporting violations of the company's policies and procedures, Standards of Business Conduct, governance program, laws and regulations through the company's Help Line or other mechanism that may be available at the time of the violation. Assists with internal control failure remediation efforts.
o Becomes knowledgeable of internal control responsibilities through training and instruction. Responsible and accountable for internal control performance within their area of responsibility. Participates in the internal controls self-assessment process.
o Ensures concerns with internal control design or performance and process changes that impact internal control execution are communicated to management.
• Familiarity with the following compliance/certification standards with skill level as noted: (Basic, Intermediate, Advanced, Expert)
o SSAE16 / SSAE18 - Advanced
o GDPR - Advanced
o FISMA - Intermediate
o PIPEDA - Intermediate
o US Privacy Shield - Intermediate
o Dodd-Frank - Intermediate
o Gramm-Leach-Bliley (GLBA) - Intermediate
o FINRA - Basic
• Prior practical experience in the following areas is considered relevant to the position as indicated: (Mandatory, Desirable, Useful)
o Minimum five (5) years running internal audit function - Mandatory
o Strong understanding of generally-accepted audit and compliance practices - Mandatory
o Compliance status reporting at executive / board level - Mandatory
o Interfacing with government and industry regulatory bodies - Desirable
o IAPP Certification (CIPP, CIPM, CIPT etc.) - Desirable
• Personal characteristics are considered relevant to the position as indicated:
o Ability to examine cross-functional processes holistically and identify and address control gaps
o Demonstrated ability to communicate with and influence management at all levels
o Engaging presence, motivating others to achieve shared goals
o Demonstrated ability to drive outcomes based on tight work plans and schedules
o Unquestionable integrity and adherence to the highest ethical standards
o Comfortable with, and effective at driving, significant change