Megamind IT Solutions

Information System Compliance Manager

Job Description:

The Information System Compliance Manager is responsible for ensuring that the company conducts its business in full compliance with all national and international laws, including regulations. This will involve the creation, review and implementation of policies, procedures and best practices.

DUTIES & RESPONSIBILITIES:

  • Responsible for the oversight, coordination, and continuous monitoring of the Information Security Management System (ISMS) controls and risks.
  • Develop, maintain, evaluate, and implement policies and procedures aligned with business, compliance and/or regulatory requirements.
  • Support the development and execution of compliance assessments and testing of controls.
  • Evaluate the design and effectiveness of controls through testing and document test results to provide to auditors.
  • Organize and lead IT walkthrough meetings with control owners from additional teams including HR, Finance, Accounting, Facilities, and Technology.
  • Provide advisory services for mitigating risks associated with security assessments.
  • Communicate non-compliance and collaborate on remediation plans with control owners.
  • Provide assurance to management about the state of compliance against Information Security requirements.
  • Work with internal and external auditors to address document requests and follow-up questions.
  • Develop and oversee control systems to prevent or deal with violations of legal guidelines and internal policies.
  • Evaluate the efficiency of controls and improve them continuously.
  • Revise procedures, reports etc. periodically to identify hidden risks or non-conformity issues.
  • Draft, modify and implement company policies.
  • Collaborate with corporate counsels and HR departments to monitor enforcement of standards and regulations.
  • Assess the business’s future ventures to identify possible compliance risks.
  • Review the work of colleagues when necessary to identify compliance issues and provide advice or training.
  • Keep abreast of regulatory developments within or outside of the company as well as evolving best practices in compliance control.
  • Prepare reports for senior management and external regulatory bodies as appropriate.
  • Analyze internal business systems to ensure compliance with industry regulations and ethical standards.
  • Create, modify, update and implement the company’s policies.
  • Develop risk management strategies.
  • Design control systems to address cases of violation of internal business policies.
  • Design ongoing training programs for employees of the business.
  • Liaise with other departmental heads to ensure that all business operations are in line with business policies.
  • Advise the top management on business operations relating to investment, risks and any other policy development.

QUALIFICATIONS:

  • Bachelor’s degree in Information Systems, Cybersecurity, or a related field, or equivalent work experience.
  • 8 – 10 years of related experience auditing security frameworks (ISO, SOC, NIST).
  • Knowledge of risk management taxonomy, processes, analyses, and tools.
  • Experience mapping government regulations to Information Security frameworks.
  • Experience with documenting process flow charts, control mapping, and sample testing.
  • Excellent communication skills with the ability to manage walkthroughs with control owners and present reports to management.
  • Strong understanding of IT processes and controls such as access management, change management, IT operations, and System Development Life Cycle (SDLC) controls.
  • Excellent English written and verbal communication.
  • Strong organizational skills and attention to detail.
  • Demonstrated ability to work independently.
  • Certified Information Systems Security Professional (CISSP), ISO 27001 Lead Auditor, and/or CISA (Certified Information Systems Auditor) certification preferred.

SKILLS:

  • Oversight.
  • Ethics.
  • Risk Management.
  • Compliance Program.
  • Assessing business and operations’ risks.
  • Conduct audits to ensure adherence to standards.
  • Identifying compliance issues.
  • Ensuring written and verbal policies and regulations of an organization are kept in check.
  • Develop risk management strategies and processes.
  • Investigation of compliance procedures and necessary follow-up action.
  • Excellent Organizational Skills.
  • Proficient Communication Skills.
  • Effective Problem-solving.
  • Assessment & Interpretation.
  • Critical Thinking Ability.
  • Creativity.
  • Integrity.
  • Strong People Skills.
  • Up-to-date Knowledge of Business technology and IT.