Senior Risk and Compliance Consultant - Urgent

As an employee, you Turn Change Into Value® - for our clients, for our company, for your professional growth, for the consumers. We hire the best and brightest, who are driven to create lasting value. At xScion, you aren't just another team member, you're impactful. You're empowered. You're driven. You're an xScioneer.

Location: Remote (Washington, DC)

As a Senior Risk and Compliance Consultant, You Will:

• Develop, enhance, and operationalize enterprise-level risk and compliance policies, processes, and controls to mitigate risk and comply with applicable laws and regulations.
• Performing activities to monitor and assess governance, risk, and compliance controls on an ongoing basis.
• Work closely with the operational departments (Legal, Enterprise Risk Management, DEI, DRI, Internal Audit, and IT) to develop and monitor cybersecurity policies/standards to achieve compliance with applicable requirements.
• Collaborate with key stakeholders to review projects, business critical systems and related data to ensure compliance with regulatory laws, and if necessary, perform and advise on risk impact assessments.
• Coordinate, conduct and act as primary contact for all internal and external audits (cyber security & compliance).
• Lead the development and ongoing management of a risk program across the company.
• Identify, track, monitor, and report on SOX IT General Controls and other compliance requirements.
• Provide recommendations to stakeholders when appropriate.
• Design and implement a robust cyber risk governance framework, processes and stakeholder engagement strategy tailored to our organization's specific needs and requirements.
• Operationalize cyber risk governance to ensure seamless integration into daily operations and decision-making processes.
• Influence stakeholder adoption of cyber risk management standard guidelines for ownership identification and assignment of accountability for top cyber risks and mitigating activities.
• Establish reporting and updating procedures with accountability owners and ensure they are followed.
• Develop and implement performance metrics to measure the effectiveness of cyber risk governance activities.
• Collaborate with cross-functional teams to embed a culture of cyber risk awareness and accountability throughout the organization.
• Provide training and support to stakeholders on utilizing cyber risk governance tools and interpreting data insights effectively.
• Educate employees on risk management principles, processes, and their responsibilities; foster a cyber risk-aware culture within the organization by promoting awareness and understanding of cyber risk management across all levels.
• Drive continuous improvement initiatives to enhance the efficiency and effectiveness of cyber risk governance processes.
• Conduct comprehensive cyber risk assessments of information systems, applications, 3rd parties and processes to identify potential vulnerabilities, threats, and impacts.
• Analyze and prioritize cyber risks based on their potential impact on the organization’s operations, data, and reputation.
• Develop and implement cybersecurity training programs to educate employees on their obligations and promote a culture of compliance.
• Keep abreast of industry trends, regulatory developments, and emerging technologies to innovate and evolve our cyber risk governance capabilities.
• Oversee creation of mitigation plans and processes, incorporating risk registers and controls on risks, and helping accountability owners understand the plans to reduce risk.
• Collaborate with cross-functional governance teams/risk management owners to ensure mitigation implementation strategies are appropriately established and accountability holders are held responsible.
• Coordinate with different accountability owner's leadership to ensure teams are tracking and trending properly.
• Ensure risk areas receive the appropriate amount of attention and oversee the process on any necessary follow-ups.
• Set best practices for identifying risk policy or procedure, risk ownership, or contractual language issues from relevant stakeholders for a portfolio of projects and/or risks.

To Be Successful, You Need:

• Bachelor’s degree in IT/Technology, Accounting, or Business related legal field.
• 8+ years of experience in Risk Management, Privacy, Cyber Security, Compliance, and/or Internal Audit experience
• Experience initiating and/or managing programs or projects in a rapidly changing or ambiguous environments that led to substantial improvements in risk.
• The ability to balance business interests with the need for compliance standards.
• Expertise in compliance standards, e.g., SOX, ISO 27001, SOC1/2, SSAE 16, NIST CSF and PCI DSS.
• Strong understanding and experience in enabling GRC solutions and common control framework for data regulations.
• Excellent process improvement skills.
• Ability to work independently in a fast-paced environment and handle multiple complex & confidential tasks.
• Excellent communication, interpersonal skills and attention to details & deadlines.
• Experience with GRC tools such as Service Now, OneTrust, AuditBoard, etc.
• Experience in cyber security and governance with increasing responsibilities.
• Strong background in cyber security controls, auditing, network and system security.
• Ability to express complex technical concepts in business terms.
• Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
• Evaluate effectiveness of the internal cyber security control framework and recommend adjustments as business needs change.
• Regularly interact with all levels of management to present and discuss control effectiveness.
• Review and coordinate changes to cyber security policies, procedures, and standards.
  
• Permanent Residency required

Why xScion?

• We have an amazing culture– We were named a Best Places to Work in Virginia 7 times, including 2023.
• We are poised for rapid growth– We are on the cutting edge of digital transformation in Financial Services, Healthcare, Nonprofit and Public Sector and continuously welcome new clients to the xScion family.
• We believe in your continuous development– We invest in our teams’ development, including our Communities of Practice, technology partnerships, sandbox and paying for certifications and trainings to improve their skills because we are committed to collectively being the best at what we do.
• We want you to make an impact in whatever you do– Our people are given the opportunity to provide impactful change to our clients and team.
• We believe in equality - As a woman-owned organization, we believe in an inclusive and diverse culture where everyone’s uniqueness makes us stronger.
• Great Benefits: Medical, dental, 401(k) match, flexible spending and more, but we also have unique perks such as up to 27 days off a year (including your birthday!), remote work opportunities, parental leave, wellness benefits and many other things that inspire balance and flexibility.

We’re Transforming RegTech Organizations:

At xScion, we Turn Change Into Value. We help clients in highly regulated industries start or accelerate their digital transformation initiatives by shifting their mindset and goals into smaller, actionable steps that create lasting value. With more than 20 years of experience supporting Regulatory Technology (RegTech), xScion provides both domain experts and tailored solutions to help organizations navigate complex compliance and technology requirements. We specialize in Business Agility, Cloud Transformation and Organizational Change Management solutions for clients in Financial Services, Public Sector, Nonprofits and Healthcare. Our experts help prepare and create change to clients’ processes, technology and culture in order to improve operational efficiencies and the customer experience. As a certified Woman-Owned Small Business, we are proud to be the most trusted solutions partner that business and technology leaders count on to deliver lasting, impactful value.

All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status. xScion takes affirmative action in support of its policy to employ and advance in employment individuals who are minorities, women, protected veterans and individuals with disabilities.

You will be added to our talent community when you apply to this job. You may opt out at any time.

Want to Learn More about xScion? 

Check us at out on www.xscion.com or socially at LinkedIn, Twitter and Glassdoor.