
Cyber Risk and Compliance Specialist
LivaNova
full-time
Location Type: Remote
Location: Illinois • Tennessee • United States
Salary
$110,000 - $140,000 per year
About the role
- Program Ownership: Lead the IT SOX program and design, implement, and test IT General Controls (ITGCs), IT Application Controls (ITACs), and Key Reports (IPE) across our enterprise applications, databases, and infrastructure.
- Audit Management: Serve as the primary "translator" between technical teams and external auditors, ensuring evidence is accurate, timely, and defensible.
- Deficiency Management: Lead the root-cause analysis for any control failures and partner with stakeholders to build long-term remediation plans.
- Healthcare Compliance (HIPAA): Act as the technical SME for the HIPAA Security Rule, ensuring controls protect PHI, including controls monitoring and providing guidance to management for new systems.
- International Resilience (NIS2): Lead the alignment of our security posture with the NIS2 Directive, focusing on key areas in the directive for our European operations.
- Strategic Risk Assessments: Conduct deep-dive risk assessments for new technologies and vendors, ensuring compliance is baked in from the procurement stage.
- Program Development: Manage the security awareness program that goes beyond "check-the-box" training. You will create engaging content for diverse audiences, from senior leadership to staff.
- Policy Promotion: Translate dense Information Security Policies into digestible, actionable "good practices" for IT administrators and data owners.
- Culture Building: Design targeted communication campaigns to increase internal reporting of security incidents and reinforce the importance of compliance.
Requirements
- Experience: 5–7 years in IT Audit, IT Compliance, or Cyber Risk.
- Regulatory Knowledge: Expert-level understanding of SOX 404 (ITGCs) and a strong working knowledge of the HIPAA Security Rule and NIS2.
- Frameworks: Proficiency in applying NIST 800-53, ISO 27001, NIST CSF, or COBIT.
- Certifications: CISA is highly preferred; CISSP or CRISC is a major plus.
- Skills: The ability to explain to key stakeholders why a certain control is necessary without sounding like an auditor.
- Technology: Experience with ERP systems such as SAP (ECC/S4 HANA), cloud environments such as Microsoft Azure or AWS, and GRC systems such as Auditboard, Workiva, or similar.
Benefits
- Health benefits – Medical, Dental, Vision
- Personal and Vacation Time
- Retirement & Savings Plan (401K)
- Employee Stock Purchase Plan
- Training & Education Assistance
- Bonus Referral Program
- Service Awards
- Employee Recognition Program
- Flexible Work Schedules
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
- IT General Controls
- IT Application Controls
- Key Reports
- root-cause analysis
- risk assessments
- security awareness program
- NIST 800-53
- ISO 27001
- NIST CSF
- COBIT
Soft Skills
- communication
- stakeholder management
- problem-solving
- policy translation
- culture building
- engagement
- training development
- analytical thinking
- collaboration
- leadership
Certifications
- CISA
- CISSP
- CRISC