IT Security and Compliance Analyst


General Summary:

Ensure all systems, procedures, programs and processes, are compliant with state and federal laws and regulations; Danaher audit requirements; and ISO/NIST standards related to information security. Employee is responsible for proactively evaluating system security and performance to maintain compliance. Employee assists with: development of required annual company risk assessment tools and reports; annual review of established company information security programs; compilation, submission and remediation of information security audit responses; and annual review and update of the IT Disaster Recovery Plan and IT Business Continuity Plan. Employee participates on IT project teams to ensure security best practices are incorporated into new and upgraded IT projects, and performs or directs the performance of periodic tests of system security performance for audit reporting.

Duties and Responsibilities:

Develops, implements, and maintains IT Compliance controls; reviews existing IT compliance controls for regulatory updates and performs the necessary gap analysis; creates and maintains various internal and external audit and compliance schedules

Reviews, documents, evaluates, and tests manual and automated computer controls throughout the corporate IT environment; develops and implements testing methodologies for application development, IT infrastructure, security, and availability; designs and executes compliance tests for IT systems and coordinates required remediation.

Applies ITIL or NIST frameworks to all documentation and remediation efforts; provides guidance to IT in reengineering processes and procedures in need of remediation; conducts gap analysis via testing and recommends specific actions to close gaps.

Designs and enhances internal controls such as segregation of duties, production change management, software management, security, incident handling, and transmission integrity; assists the internal audit team and serves as a liaison with external auditors to facilitate the auditing process.

Designs audit/compliance programs to ensure ongoing evaluation and validation of IT control effectiveness; performs other duties as assigned.

Maintains rapport with regulatory personnel by keeping in regular contact and resolving concerns.

Maintains quality service by establishing and enforcing organization standards.

Maintains professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; benchmarking state-of-the-art practices; participating in professional societies.

Coordinates multiple projects and tasks without loss of integrity; conducts research and analysis related to information security.

Contributes to team effort by accomplishing related results as needed.

Other duties and responsibilities as assigned by the IT Director.

Knowledge, Skills and Experience:

Four-year degree in Computer Science or equivalent

Knowledge of process improvement and project management methodologies

Three years of full-time experience in IT compliance, or a similar function with an understanding of IT internal controls and IT risk mitigation

Certification in Business Analytics; Certified Information Systems Security Professional (CISSP) certification; Certified Information Systems Auditor (CISA) certification; Global Information Assurance Certification (GIAC).

Knowledge of disaster recovery and business continuity measures.

Strong analytical and decision-making skills

Excellent verbal, written, and diplomacy skills

Effectively influences and guides others across various organizational structures using strong interpersonal skills

Ability to manage and collaborate with multidisciplinary teams

Ability to prioritize and work on multiple projects under time constraints

Up to 10% travel
