Senior Manager – IT Governance, Risk, and Compliance
The Senior Manager – IT Governance, Risk, and Compliance is responsible for leading enterprise IT risk management and compliance processes including internal audit, IT risk management, cyber security, and continuous improvement. This position is responsible for enterprise-wide IT governance and risk activities including the evolution, growth, and daily management of the IT Governance, Risk, and Compliance team. This individual will serve as IT compliance and compliance subject matter expert to the GDIT Chief Information Security Officer (CISO) and Chief Information Officer (CIO). Specific responsibilities include:
- Experience with IT Risk Management principles including industry-leading practices, industry frameworks, and process flows
- Management of cyber security compliance functions including reporting on gaps, variances, and the assessment and disposition of cyber risk
- Ability to proactively document and understand key IT controls across operational and information security domains
- Experience with management of large-scale Plan of Actions and Milestones (POA&M) processes including the tracking of noted exceptions and variances
- Knowledge of IT audit principles including control environments, audit testing techniques, documentation, and root cause analysis
- Ability to manage and evolve processes that enable the rapid evaluation of enterprise use of cloud services
- The ability to proactively support various IT audit obligations across Sarbanes-Oxley, Internal Audit, ISO 20000, and regulatory agencies
- BBA/BS/MS/MBA degree or a related technical discipline, or the equivalent combination of education, technical certifications or training, or work experience.
- Relevant certifications strongly preferred.
- 8-10 years of direct experience in IT risk management, internal audit, project management, or information security required.
- 5 years of experience in a direct personnel management role for a minimum of 10 employees with responsibility for managing job performance, technical skills development, and career management required.
- 2+ years’ experience managing business budgets, plans, and investment strategies required.
- Direct experience in consulting or service management strongly preferred.
- Relevant cyber security controls experience strongly preferred.