Title: Director, IT Risk and Compliance

General Characteristics

• Leads, develops and maintains the IT risk and compliance management strategy.
• Develops and maintains policy, standards, processes and procedures to assess, monitor, report, escalate and remediate IT risk and compliance related issues.
• Works collaboratively with corporate compliance, internal auditing and corporate risk management and various technical teams in the design and implementation of audit, risk assessment and regulatory compliance practices for IT.
• Leads cross-functional teams in performing reviews and tests of IT internal controls to ensure that existing IT systems are operating as designed and that they contain adequate controls.
• Facilitates risk assessments and identifies risk themes.
• Proactively promotes enhancement of technology-related internal controls awareness and training across IT and business units.
• Monitors and analyzes technology risk trends, recommends appropriate IT policies, procedures and practices to strengthen internal operations.
• Directs IT functional teams in the development, implementation, monitoring and reporting of control processes, documentation and compliance routines.
• Advises IT and business executives on the status of technology risk and compliance issues based on assessment results and information from various monitoring and control systems.
• Educates IT and business executives on appropriate mitigation strategies and approaches. Provides oversight regarding audit, regulatory and risk management activities across IT functional areas, such as the development and maintenance of regulatory documentation (e.g., Sarbanes-Oxley Act compliance).
• Coordinates the IT component of both internal and external audits, federal and state examinations.
• Possesses detailed knowledge of industry regulatory environment and risk management practices, and thorough understanding of local and federal regulations such as Sarbanes-Oxley, Basel II, and HIPAA.

Dimensions Education:

• Bachelor’s Degree in Computer Science, Information Systems, Business Administration, or another related field.
• Or equivalent work experience.

Experience:

• A minimum of 10 years of IT and business work experience including managing team(s) responsible for risk management, compliance and audit, information security management.

Breadth:

• Senior level management in risk and compliance management.
• Has overall responsibility for department decisions and management.
• Provides strategic direction, coaches and mentors more junior management staff and/or senior level professionals. Has accountability for IT functional/departmental results.
• Frequently reports to a corporate risk management executive, Chief Financial Officer or Chief Information Officer.