Compliance Director
Group Objective
Provide oversight and direction to managing IT risks and controls in conjunction with Internal and External Audit, other risk functions, and regulators. Understand and apply business unit requirements, perspectives and initiatives to IT risks and controls including:
- IT risk assessments
- General computer controls audits
- Automated application controls and integration with business processes
- Sarbanes-Oxley related control documentation and assessment activities
- Internal Audit initiatives
- Regulator activities
Provide leadership and direction with the development of enterprise-wide compliance programs to address the needs of key stakeholders. Key stakeholders include: CIO, CTO, CFO, Controller, Board of Directors (Audit Committee), Internal and External Audit, and regulators. Understand IT and business organization, key technologies, processes, and controls.
Manage and monitor management control assertions, monitor gaps, and remediation action plans (including obtaining results of management retesting), participate in risk assessment activities, work with internal and external audit, and coordinate third party assessments. Develop and nurture contacts within each business unit to successfully build a community within IT to address audit initiatives and resolutions to audit findings.
Participate with executives and senior managers to present and discuss audit strategy, direction, initiatives and findings. Develop and deliver communication and material (e.g. Application Control Profiles) in support of audit initiative progress and overall IT Audit status.
Job Description
Provide technology risk assessments in the context of an enterprise risk framework that address the interrelationship among business, financial, operational, regulatory, and technology objectives. Understand and be able to apply, in a practical manner, concepts of risk and control inherent in major IT processes in support of business processes for the company, specifically articulating how business processes are supported by information systems. Knowledge of technology risks and control aspects of IT architecture (e.g. COBIT) and configuration. Awareness of the evolving global regulatory landscape and the ability to assess and address the related compliance risks in a proactive manner. Understand the requirements of each audit initiative and determine the executive stakeholder needs to ensure successful audits and the development of a risk mitigation plan as necessary. Direct and control the activities necessary to establish and operate an enterprise program for the delivery of corporate-wide audit initiatives (e.g., Sarbanes-Oxley).
Function as a key liaison/mediator/negotiator between business unit CIOs, business partners, corporate IT executive leadership, and Internal and External Audit for IT-related audit activities. Establish proactive relationships with regulators to anticipate changes in the environment that could impact the overall business. Strong communication skills (interpersonal, oral, written, and presentations), including the ability to translate technical issues into business risks. Participate in audit meetings and required executive meetings representing the information technology group. Coordinate management analysis of posed audit issues prior to acceptance and any corrective action plans.
Provide senior management with regular, timely communication on the results of each function and the progress toward key audit initiatives. Communication in the form of presentations, status reports, emails, etc. delivered on a scheduled basis. Ensure communication between auditors (internal and external) and the enterprise IT community across and within each function to enable clarity of plans and successful execution of deliverables.
Technical/Functional Qualifications
Bachelor's degree in Computer Science or related field
CPA preferred or Master's degree in Business, Technology or related field preferred
CISA (Certified Information Systems Auditor) Certification
10-12 years of IT (External) Audit experience demonstrating advanced risk assessment skills
8+ years of experience in a strategy, consulting, and client management role involving project and technical delivery, ideally with Accounting/Finance/Treasury/HR applications and business processes
8+ years of experience at senior management/executive level of interaction
8+ years of experience in the analysis and development of best practices, business processes, financial modeling and analysis related to information technology
Strong technical knowledge-base
Strong interpersonal, oral/written, and presentation communications skills
Strong negotiation and facilitation skills
Strong team/relationship building skills
Ability to communicate at the executive level
Knowledgeable in delivering complex information concerning IT projects and solutions to line-of-business management and staff
Working knowledge of PCAOB Auditing Standard 2, related deficiency evaluation framework and COBIT.
Critical Success Factors
Assessing technology risks utilizing business, technology and audit experience
Team and relationship building
Communication
Charles Schwab & Co. Inc. was recently listed by Computerworld as one of the 100 Best Places to Work for IT Professionals.