Position Overview:
The Manager IT Compliance is responsible for ensuring IT compliance and controls are seamlessly integrated into IT operations. This position will play a pivotal role in maintaining the integrity of our IT systems and processes. As a key liaison between IT and Business leadership, you will collaborate closely to understand our Operating Unit's primary business operations, IT structure, and support model. This multifaceted role will empower you to guide the IT leadership team in aligning our IT controls, policies, and processes with corporate guidelines, ensuring a secure and efficient environment.
Essential Job Skills/Duties:
Role Overview:
.This role will be closely working with IT and Business leadership and developing an understanding of the Operating Company's (OpCo) primary business operation, IT organizational structure, and support model.
.Advise the OpCo's IT leadership team on required IT General controls, policies, and processes to align with corporate guidelines.
.Works closely with the QCO IT compliance team to stay updated on the necessary controls and processes required by the company and how these controls are implemented across all operating units.
.Attends OpCo's periodic IT planning meetings to understand upcoming IT projects and evaluate the impact on IT controls and processes. Based on the information gathered, develop and communicate compliance objectives to various IT teams to achieve appropriate compliance goals.
.Assist with designing and documenting IT processes and controls and identifying opportunities for more efficient and effective processes and controls.
Job Activities Overview:
pletes individual assignments or leads teams in initiatives as assigned.
.Assists in managing the planning, designing, writing, and finalization of policies, control framework, and procedures.
.Responsible for the monitoring of overall adherence to the IT controls through regularly scheduled reviews of in-scope technical areas.
.Ensures compliance with contractual requirements that are usually based on NERC/CIP, ISO 27001, COBIT, NIST 800-53, etc.
.Reviews and provides guidance from a compliance perspective across areas such as application controls, logical access controls for applications, operating systems and databases, backup and recovery procedures, change controls, pre and post-deployment assessments, user administration, perimeter security, network/application architecture and selected configuration management controls on technical platforms such as VPNs, VMWare, Windows Server 20XX, AIX-UNIX, Linux and Cisco firewalls.
.Works with IT to close issues through oversight and review of remediation plans and accompanying evidence.
.Stays up to date on changes to technology, internal policy and standards, and relevant regulatory programs, evaluates potential impacts on the risk and controls, and suggests modifications to IT control framework.
.Assists in managing, training, coaching, and developing junior staff and/or external consultants to ensure that timeline and deliverable requirements are met.
.Leads large and/or multiple projects with assigned resources.
.Takes initiative to develop new approaches and tools.
.Adheres to internal standards, policies, and procedures.
.Performs other duties as assigned.
Audit Support Overview:
.Act as a liaison between the audit team and OpCo's IT team. Responsible for coordinating with the audit team for planning, timing, and scoping of the audit. Also, be responsible for reviewing the audit data request and coordinating with the appropriate team to collect supporting documentation for the audit.
.Assist or run pre-defined system reports for auditors.
.Work closely during audits with the audit team and coordinate follow-up questions and additional requests, providing guidance to operating unit management on addressing audit questions or issues.
.Advise management on remediation plans and work with the relevant teams to ensure the necessary steps are taken to remediate the gaps.
Required Education and Experience:
.Bachelor's degree in MIS, Information Systems, Computer Science, Engineering or Accounting MS and 6 - 8 years of experience in IT Compliance, IT Audit, IT Security, or IT related field.
.Experience performing risk and compliance assessments and in-depth knowledge of industry standards and regulatory requirements (e.g., HIPAA, SOX, FISMA, NIST, ISO 2700X, COBIT, FFIEC, NERC CIP, etc.)
Preferred Education and Experience:
.MS or MBA degree.
. - 6 Years
Licenses/Certifications:
Required Licenses/Certifications
.CISA, CIA, CPA, CISM, CISSP, MCP, MCSE, CCNA - at least one certification required or other applicable for the job certifications are desired.
Supervisory Responsibilities:
Supervises others: No
Has hiring and terminating responsibilities: No
Number of employees report to this job: 0 Subordinate Supervisory Employees, 0 Non-Supervisory Employees
Travel Requirements:
Travels: Yes
Percent of time: 30 - 40%
Overnight required: N/A
Physical Demands:
If one-third of the time - "seldom" or "occasionally" If one-third to two-thirds of the time or more occasionally to frequently" If more than two-thirds of the time - "constantly"
.Stationary Position -Seldom
.Pushing/Pulling/Reaching - Seldom
.Climb - Seldom
.Kneel - Seldom
.Grab - Seldom
.Bend - Seldom
.Lift/carry over - 10 - 30 LBS
.Vision - 20/20 Corrected Vision
.Hearing - Receive detailed information if spoken to
Working Conditions:
.Wet or Humid - Seldom
.Working near or on moving mechanical parts - Seldom
.Working near or on heavy machinery - Seldom
.Working in high places - Seldom
.Exposed to fumes or airborne particles - Seldom
.Exposed to toxic or caustic chemicals - N/A
.Frequency of working in outdoor weather conditions - Seldom
.Work with Electricity - Seldom
.Work with explosives - N/A
.Work on or near a source of radiation - N/A
.Loud noise conditions (above 87dB) - Seldom
.Other Environmental Factors, including weather conditions - N/A
NOTE: THIS JOB DESCRIPTION IS NOT DESIGNED TO COVER OR CONTAIN A COMPREHENSIVE LISTING OF ACTIVITIES, DUTIES, OR RESPONSIBILITIES THAT ARE REQUIRED OF THE EMPLOYEE. DUTIES, RESPONSIBILITIES, WORKING CONDITIONS, PHYSICAL DEMANDS, AND ACTIVITIES MAY CHANGE, OR NEW ONES MAY BE ASSIGNED AT ANY TIME WITH OR WITHOUT NOTICE. QUANTA PROVIDES EQUAL EMPLOYMENT OPPORTUNITIES TO ALL EMPLOYEES AND APPLICANTS FOR EMPLOYMENT AND PROHIBITS DISCRIMINATION AND HARASSMENT OF ANY TYPE WITHOUT REGARD TO RACE, COLOR, RELIGION, AGE, SEX, NATIONAL ORIGIN, DISABILITY STATUS, GENETICS, PROTECTED VETERAN STATUS, SEXUAL ORIENTATION, GENDER IDENTITY OR EXPRESSION, OR ANY OTHER CHARACTERISTIC PROTECTED BY FEDERAL, STATE OR LOCAL LAWS. THIS POLICY APPLIES TO ALL TERMS AND CONDITIONS OF EMPLOYMENT, INCLUDING RECRUITING, HIRING, PLACEMENT, PROMOTION, TERMINATION, LAYOFF, RECALL, TRANSFER, LEAVES OF ABSENCE, COMPENSATION, AND TRAINING.
PI6fa98b7bab14-2298
