Director, IT Risk & Audit

Norwalk, CT

Job Description

Company Information:

HomeServe USA is a leader in supplying homeowners with worry-free warranty services that provide peace of mind.  Our incredible growth rate is fueled by a dynamic team of individuals who value teamwork, collaboration and providing exceptional customer service while maintaining a work atmosphere that’s fun and friendly. HomeServe USA is part of a global organization that serves millions of customers in the US, UK, France, Germany, Italy, Canada and Spain.  We’re strong, stable and growing.

Position Overview:

The Director, IT Risk and Audit is responsible for assessing and overseeing all technology-related compliance issues across the organization including information security, privacy, business continuity, identity management, user access and data integrity. This includes providing objective risk assessments of the company's compliance with regulatory, organizational and commercial requirements governing the organization's information technology systems.

This role will also direct and/or influence the development and implementation of policies, procedures and controls to ensure that the organization's security and audit compliance remain in line with US laws, industry standards, and HomeServe PLC Audit recommendations. In this role, the IT Risk and Audit Manager will work directly with non-IT compliance professionals such as finance, marketing, legal, audit and corporate compliance to ensure organizational alignment.

Detailed Responsibilities:

  • Determine and maintain an inventory of all regulatory, commercial and organizational technology compliance requirements.
  • Facilitate the creation and modification of all technology compliance policies.
  • Create an IT compliance risk assessment framework and periodically assess the regulatory, commercial and organizational, inherent and residual IT compliance risks.
  • Identify the associated IT compliance control gaps and oversee the documentation, implementation and testing of the entire IT compliance control portfolio.
  • Develop and direct IT compliance control monitoring programs to ensure IT compliance-related risks are managed to the appropriate level of acceptable residual risk.
  • Implement and maintain an IT compliance issue management tracking and resolution process that will address known issues, according to severity and potential impact to the organization.
  • Report the levels of IT compliance risk and control effectiveness to key stakeholders such as IT-business unit management, senior management, legal management, internal/external auditors, etc.
  • Enforce security controls including timely reporting of security breaches.
  • Ensure the company prepares, executes and maintains the necessary certifications as defined by the Group CIO Homeserve and CIO Homeserve USA.
  • Coordinate security readiness activities in concert with the Director of IT Infrastructure to include penetration testing (internal and external), communications networks, voice and voice recording systems, etc.
  • Coordinate audit-related tasks such as ensuring the readiness of IT managers and their organizations for audit testing and facilitating the timely resolution of any audit findings.
  • Manage the overall IT compliance-related budget/financial spend in accordance with the desired IT compliance risk appetite of the organization.
  • Provide technological advice and insight on compliance requirements to non-IT leaders such as the general counsel, chief compliance officer (CCO), chief risk officer (CRO), etc.
  • Assist business and IT managers with the acquisition of tools and expertise to assist with IT compliance-related projects and initiatives.
  • Create an IT compliance training and awareness program that periodically educates the requisite end-user community on the relevant IT compliance requirements, and certifies their adherence to the relevant IT compliance controls.

Skills/Requirements

Job Requirements

Regulatory Compliance Activities

  • Work with corporate legal and compliance representatives to identify all related IT compliance requirements (i.e., security, user access, privacy, data integrity, etc.) associated with the laws and regulations within all relevant jurisdictions.
  • Ensure all related IT compliance policies are updated, based on any relevant regulatory changes or new laws.
  • Create a regulatory change management process that identifies and coordinates the modification of related technological functions, business processes and/or compliance controls.
  • Conduct necessary IT compliance control monitoring and testing activities to determine the effectiveness of the controls.
  • Remediate IT compliance control deficiencies.
  • Coordinate the investigation of any potential unlawful or fraudulent action related to IT compliance, such as the intentional release of privileged information or a related security breach.

Commercial Compliance Activities

  • Work with corporate procurement, strategic sourcing, and sales and marketing representatives to identify all IT compliance commercial requirements and industry standards, related to the supply as well as the delivery of goods and services.
  • Communicate IT compliance standards and requirements to relevant suppliers through various means, such as requests for proposal, contractual terms, etc.
  • Perform necessary due diligence activities to determine third-party adherence with IT compliance requirements prior to establishing a business relationship.
  • Monitor third-party adherence to IT compliance requirements and address any and all instances of noncompliance.
  • Request proof and participate in the development and enforcement of required industry standard certifications (e.g., ISO 27001, Service Organization Control Reports, PCI DSS, etc.).

Organizational Compliance Activities

  • Work with IT and business representatives to identify the goals and objectives of the organization and translate them into IT compliance requirements such as IT security and user access policies and controls.
  • Evaluate any related external frameworks or standards (e.g., ITIL, COBIT, National Institute of Standards and Technology [NIST], etc.) or internal standards (e.g., code of conduct and use) to determine the relevant IT compliance requirements and controls.
  • Identify any gaps between the desired level of compliance and the current level of maturity.
  • Implement the required IT compliance policies and controls to meet the desired level of compliance maturity reflected in a given standard or framework.
  • Oversee the monitoring and periodic testing of IT compliance controls to ensure ongoing adherence with a given standard or framework.
  • Identify and resolve any issue of noncompliance with a related standard or framework.

Education, Training and Certification

  • Undergraduate degree in the field of law, computer science or business administration; graduate degree in one of these fields desired.
  • Industry-related legal, compliance, information security or business continuity management certification is preferred.

Business Knowledge and Technical Experience

  • 15+ years' experience working in industry.
  • 10+ years' experience managing compliance assessments within a corporate setting.
  • Proven experience developing and submitting IT audit and compliance reports to governing bodies, legal entities and/or external authorities.
  • Experience in planning, organizing and developing information technology policies, procedures and practices.
  • Direct experience and knowledge of national, state, provincial and local information technology laws and regulations.
  • Strong communication skills (written and oral).
  • Demonstrated ability to apply IT-related knowledge and experience in solving compliance issues.
  • Excellent knowledge of technology environments, including information security, encryption methods and privacy-based solutions.
  • General knowledge of business theory, business processes, management, budgeting and business office operations.
  • Demonstrated understanding of data processing, hardware platforms, enterprise software applications and outsourced systems.
  • Understanding of computer systems and integration capabilities.
  • Solid understanding of project management principles.
  • Ability to translate understanding of the organization's goals and objectives into compliance requirements.

In return we offer

  • Competitive compensation
  • Career development and advancement opportunities
  • Business-casual attire throughout the week
  • Friendly, open and team-oriented work atmosphere
  • Excellent benefits including generous medical, vision, dental and life & disability insurance
  • 401(k) plan with a company match

HomeServeUSA is an equal opportunity employer.