Manager Sdlc Grc Compliance

POSITION TITLE: MANAGER SDLC GRC COMPLIANCE

Requisition ID  - 1191194

1.PURPOSE: 

This position is responsible for planning and managing the SDLC GRC Compliance process to ensure that SOX controls are in place and tested throughout the Software Development Life Cycle for major system implementations/ upgrades. This position will work under the supervision of the Director IT Compliance and will be responsible for identification and management of improvements to the design and operating effectiveness of SOX controls in response to large scale IT projects. Timely communication of the status of the pre -implementation review to senior leadership in Compliance, IT and business is a critical component of this position.

2. ESSENTIAL RESPONSIBILITIES:

•Manage the preparation, planning and execution of SDLC related IT control testing for pre and post system implementations.

•Partner with all levels of IT and business management in the design and implementation of SOX controls. Ensure that SOX system pre implementation testing is conducted in a cooperative, timely and efficient manner with value added reporting and cost -effective recommendations being provided to management to strengthen controls.

•Collaborate with various groups (e.g., internal IT organization, Applications owners, business process owners) and understand the impact of the implementation on the existing IT controls structure.

•Responsible for maintaining auditor Document Request Lists (DRLs) or any audit request and ensuring all responses are on time with high accuracy and completeness.

•Create, direct and/or perform the preparation and execution of security related IT control tests including IT segregation of duties reviews.

•Routinely summarize and communicate to the affected project team, control owners and IT management, control weaknesses identified during testing, status of SDLC audit, issues resolution/ escalation

•Document the audit procedures in workplans; Prepare reports on findings and recommendations for policy, procedure and internal control improvements.

•Provide ongoing education of IT Control Operators/Owners/Reviewers, especially around control design and execution, as well as how to assemble complete and accurate evidence documentation

•Identify on an on -going basis relevant industry trends and potential evolving risks facing IT initiatives, potential changes to IT internal controls over financial reporting and assess their impact on the scope and strategy of the IT department.

•Manage the identification and evaluation of new third -party IT service providers.

•Perform customary administrative tasks and responsibilities. Providing testing assistance as part of the IT SOX testing program, when needed.

•Other assignments or special projects as requested by management.

3.DECISION MAKING/ACCOUNTABILITY

•Work is governed by Sarbanes Oxley. Within the regulatory framework issues arise that are substantially complex, varied and regularly requires the selection and application of technical and detailed guidelines. Independent judgment is required to identify, select, and apply the most appropriate methods as well as interpret precedent. The position regularly makes recommendations to management on areas of significance to the department and organization at large.

•This position is expected to operate very independently. Supervision received typically consists of feedback, coaching and advice

•This role typically has one direct report.

4.KNOWLEDGE, SKILLS & EXPERIENCE: 

•6 or more years of technology and audit experience (general technology controls, application, and security) within a public accounting, and/or internal audit function.

•In depth understanding of System Development Lifecycle methodology (SDLC), application security, Application Controls, IT General Controls including interfaces and configurations on a variety of applications, operating systems, databases and networks

•Five or more years of experience with internal controls evaluation, COS