IT Governance and Compliance Specialist

The Risk Management and Compliance Specialist will oversee the coordination and management of audit findings, risk mitigation actions, and compliance requirements within the IT Infrastructure and Operations department.

Establishing and maintaining a governance framework is crucial to ensure timely and effective resolution of audit findings and continuous compliance with relevant standards and regulations.

This strategic role requires a proactive approach to collaborating with internal teams to drive adherence to policies and regulatory requirements.

You will be tasked with developing and implementing a governance framework specific to IT Infrastructure and Operations to track, manage, and resolve audit findings, risks, and compliance issues.

Designing policies, procedures, and best practices for managing risk, audit, and compliance activities within the department is essential.

It is vital to ensure alignment of IT Infrastructure and Operations governance practices with overall corporate governance policies and regulatory requirements.

In terms of audit findings management, you will coordinate with IT teams to ensure the timely resolution of internal and external audit findings related to infrastructure and operations.

Maintaining a centralized database or tool to track all audit findings, action plans, deadlines, and statuses is crucial.

As the primary liaison between the IT Infrastructure and Operations department and internal/external auditors, clear communication and follow-up on outstanding audit issues are key responsibilities.

Identifying and prioritizing risks in collaboration with IT teams, focusing on those that impact infrastructure and operations, is part of your role in risk mitigation coordination.

Working with IT stakeholders to develop, implement, and monitor risk mitigation plans is essential, as is regularly reviewing and updating the risk register to ensure accountability for mitigation activities.

In terms of compliance monitoring and facilitation, you will need to ensure that IT Infrastructure and Operations activities comply with relevant regulations, standards, and internal policies such as GDPR and ISO 27001.

Collaborating with compliance and legal teams to understand regulatory changes and communicate these requirements to IT teams is vital.

Developing and maintaining a compliance dashboard to provide real-time visibility into compliance status across IT infrastructure and operations is also part of your responsibilities.

Engaging with IT leadership and other stakeholders to provide updates on the status of audit findings, risk mitigation efforts, and compliance activities is essential.

Facilitating regular meetings and working sessions with IT teams to discuss progress on action items and identify any obstacles to resolution is crucial.

Preparing and presenting reports for senior management on audit findings, risk status, and compliance matters is a key aspect of your role.

You will be expected to identify opportunities for process improvements within the IT Infrastructure and Operations department to enhance risk management, audit resolution, and compliance.

Developing and implementing standard operating procedures (SOPs) to streamline the handling of audit findings and risk mitigation activities is important.

Promoting a culture of proactive risk management and compliance awareness within the IT Infrastructure and Operations teams is also part of your responsibilities.

• A Bachelor's degree in Information Technology, Cybersecurity, Business Administration, or a related field
• A Master's degree or relevant certifications (such as CRISC, CISA, CISSP, or ITIL)
• 5-7 years of experience in IT risk management, audit coordination, or compliance, with a focus on IT infrastructure and operations
• Strong understanding of IT infrastructure and related compliance requirements
• Excellent coordination and project management skills
• Strong analytical and problem-solving skills with a focus on identifying and managing risks
• Effective communication and interpersonal skills for engaging with both technical and non-technical stakeholders
• Proficiency in using tools and platforms for audit management, risk tracking, and compliance monitoring