
MANAGER, IT RISK & COMPLIANCE


Allegiant Air
Location: Nevada, United States
Job type: Permanent
Sector: IT & Communications
Category: Senior Manager
What does a Manager of IT Risk & Compliance do for Allegiant?

The Manager, IT R&C, manages the oversight and documentation of the Information Security/Information Technology risk management program, third party risk assessments, and corporate BCP/DR initiatives. This role is also responsible for managing a variety of annual/quarterly/monthly procedures/controls such as user access reviews, policy updates, testing, etc. This role interfaces between senior management and both internal and external auditors for compliance initiatives.

What are some of the daily duties of a Manager of IT Risk & Compliance?

* Leads a team of analysts dedicated to managing IT governance, risk and compliance.

* The Manager will manage the risk assessments for IT. This involves defining the methodology and identifying the risks presented by technological and process changes. This may include the review of supporting processes/procedures, etc. to ensure the proper controls are in place and risks are appropriately mitigated.
* Ensures the accurate gathering of relevant business, regulatory, process, and system information; validates/updates process flows, risks, and controls; and prepares accurate, complete, clear, and timely analysis and documentation that reflects an ability to identify risks and independently assess the adequacy and effectiveness of IT internal controls, policies, processes and procedures.

* Owns the IT risk register and supports continuous improvement of IT risk management processes.

* IT Risk Consulting: Works with IT R&C Analysts to assess risks associated with technology solutions and ensures appropriate remediation strategies are employed. Consults with senior managers to identify and assess current and emerging risks and strategic initiatives.
* Supports the IT Audit process to ensure its success. Develops and manages effective controls and action plans for any deficiencies.

* Leads the development of risk metric and reporting frameworks for Information Security. Delivers these metrics and reports on a weekly, monthly and quarterly basis.

* Defines action plans and timelines with process owners and manages them to completion/implementation

* Manages Information Security Incident Management: Ability to investigate, document and report on incidents that impact confidentiality, integrity and/or availability.

* Manages the IT policies, standards and procedures program. Ensures all IT Policies, Standards and Procedures meet the guidelines established for each; ensures they are properly housed, refreshed, inventoried and approved.

* Drafts Information Security deliverables to both internal and external partners on a variety of topics including security breaches, policy governance, etc.

* Manages scheduled assessments to identify gaps in IT business continuity, emergency and disaster recovery plans.

* Manages plans and practices to achieve efficient and effective communication and restoration of operations during IT emergencies.

* Manages Disaster Recovery initiatives and plans
* Manages the annual IT BCP exercise and resources.
* Manages IT business continuity planning awareness training; identifies potential business interruptions, develops safeguards against these interruptions, and implements recovery procedures in the event of a business interruption.

What are the minimum requirements to be a Manager of IT Risk & Compliance?

* Bachelor’s Degree or equivalent experience required with 10 or more years of experience in Internal Audit (IT Audit preferred), IT Risk, or Information Security.

* Effective project management skills (task identification, prioritization, and documentation)

* Demonstrated ability to effectively balance multiple responsibilities which may frequently change

* Ability to learn information quickly and apply risk/control considerations which impact downstream decisions

* Ability to interface effectively with internal and external auditors
* Critical thinking skills with strong attention to detail and follow up
* High degree of professionalism and personal integrity
* Ability to work with a high degree of independence
* Excellent documentation skills (process, control, policy, and risk documentation)

* Excellent verbal and written communication skills across all levels of personnel (through executive management and the Board of Directors)

* Knowledge and experience with performing ongoing risk analysis to determine what customer services, supporting business processes, systems, components and applications need to be recovered and within what time frame in order to comply with recovery time objectives
* Knowledge and experience with creating an ongoing Business Continuity Plan (BCP) training program for managers and staff.

* Working knowledge of Internet, networking (LAN and WAN), data and voice telecommunications, and cloud computing in order to assist in the preparation of recovery procedures in these areas.

What other skills, knowledge, and qualifications are needed to be a Manager of IT Risk & Compliance?

* One or more of the following is required: CPA, CISA, CISM, and/or CISSP
* Good knowledge of Industry "Best Practices" such as ISO 27001, PCI-DSS
* Good knowledge of TCP/IP and related protocols
* Familiarity with intrusion detection and prevention techniques
* Ability to conduct research into security issues and products as required
* Working knowledge of standard risk management/control frameworks such as COBIT, ISO 27005, COSO, NIST 800-30, and ITIL

* Strong understanding of internal audit and risk-based methodologies
* Sarbanes-Oxley (SOX) experience
* Experience in two of three areas: IT Audit, IT Risk and Information Security
* Demonstrated proficiency in assessing risk and risk management practices.
* Possesses in-depth/significant knowledge of IT policies, standards and procedures frameworks and their development, implementation and update

* Must pass a background check and pre-employment drug test.
* Must have authorization to work in the U.S. as defined in the Immigrations Act of 1986.

What are the physical requirements of a role?

* Ability to work in a fast-paced environment
* Ability to work in a stressful environment.
* Ability to travel nationally/internationally as required