Develops operational compliance policies and programs based on regulatory guidelines, requirements and best practices for governance, data security, privacy, ethical business practices, and financial services industry standards.
Evaluates changes to requirements and best practices to appropriately incorporate into policies and programs.
Assesses, monitors and verifies implementation of compliant business processes.
Controls, delivers and manages risk activities across the company.
Leads the identification, examination and analysis of process designs, overall control effectiveness, risk mitigation.
Improves operational assurance and risk practices.
Enforces and administers an established and centralized risk management repository related to compliance, conformance and quantified key risks, within risk tolerance guidelines and with defined mitigation measures.
Directs delivery and management of complex risk assignments to ensure positive outcomes.
Acts as the main contact for audit teams at a senior level, assesses and challenges audit scope, controls delivery of pre-audit requests, and manages post-audit responses.
Maintains the Audit Tracker.
Briefs executives and provides input to contract negotiations and supports the Assurance Team on specialist audit matters.
Develops and provides business unit, executive, and Board of Directors risk and compliance reporting that meets regulatory requirements and supports internal risk-based decision making via governance presentations.
Directs the enterprise strategic risk assessment and writes the annual risk and compliance report which identifies gaps, emerging threats, financial exposure and client impact, and provides remediation action plans.
Presents effective and efficient reporting updates on audit, regulatory, risk exposure, governance matters and IT service continuity priorities and procedures.
Monitors significant risks to ensure they are actively managed and reported.
Designs, develops, implements and continuously improves compliance risk procedures, practices, processes and methodologies to maintain a proactive, risk-based compliance oversight program.
Develops action plans for advancing compliance initiatives and for resolving outstanding compliance issues.
Anticipates how the organization must adapt to changes in the industry to sustain competitive advantage.
Provides compliance guidance and responds to requests for assistance from the business and technology teams pertaining to compliance rules.
Master's degree; CGEIT and CISA certifications.
10-12 years of experience.
Expertise in IT compliance requirements from various standards and regulations (SOX, SSAE 16 SOC 1/SOC 2 reviews, ISO 27001, HITRUST, PCI DSS, HIPAA, etc.).
Proficiency in General IT Controls, Business Continuity management, applications controls and third party reviews.
Good understanding of various industry standards, best practices and IT risk frameworks, e.g. COBIT, NIST, CIS.
Evaluates the adequacy of internal controls and processes through detailed testing.
Strong understanding of business processes, financial reporting, and information technology audit and control frameworks and regulations such as SOX, COBIT, ITIL, and PCI DSS.