
IT Compliance Coordinator

ZipRecruiter

Ocala (FL)

Remote

USD 10,000 - 60,000

Full time

29 days ago


Job summary

A leading company is seeking an IT Compliance Coordinator to support its IT Compliance program. This fully remote position involves essential responsibilities including User Access Reviews, Vendor Risk Management, and ensuring compliance with regulatory requirements. Candidates should possess a relevant Bachelor's degree and prior experience in compliance tasks, accompanied by strong communication and attention to detail.

Qualifications

  • 0-2 years of working knowledge in GRC Analysis, Business Continuity, Disaster Recovery, and IT General Controls.
  • Technical Certifications like CISA, PMP are advantageous.
  • Experience with compliance frameworks such as HIPAA, PCI-DSS, SOC1/2 is a plus.

Responsibilities

  • Conduct quarterly User Access Reviews and manage compliance activities.
  • Perform User Access Management and Vendor Risk Management tasks.
  • Assist with ITGC documentation and SOX audits.

Skills

Governance Risk and Compliance
IT Service Management
IT Risk Management
IT Audit
Attention to Detail
Written and Verbal Communication

Education

Bachelor's degree or equivalent experience

Tools

ServiceNow
Microsoft Office
MS Project
Visio

Job description


IT Compliance Coordinator:

Fully Remote (Must reside in approved State, see list below)

Pay: $28-31 per hour

Previous experience in IT Compliance required (see description for details)

As an IT Compliance Coordinator, you will support the ongoing management of the ITS Compliance program, including but not limited to IT Service Management, IT Risk Assessment/Management, Data Privacy, Business Continuity (BC), Disaster Recovery (DR), IT General Controls (ITGC), and Compliance Audits. You will monitor the organization's activities impacted by regulatory requirements and support the organization's compliance and risk posture as it relates to overall company assets. Additionally, you will implement demonstrated best practices from a Compliance/GRC perspective, while continually identifying points of risk and vulnerability within the organization, performing periodic testing to ensure program effectiveness, and coordinating subsequent remediation. Moreover, you will provide company-wide direction, project management, and documentation for all aspects of the IT GRC framework.


Job Responsibilities:

  • User Access Reviews - Conduct quarterly User Access Reviews throughout the organization in compliance with the SOX control.
  • Inactive Account Reviews - Conduct an inactive accounts review every 90 days across the organization and determine next steps to mitigate risk emerging through inactive accounts (disable/delete).
  • Service Account Reviews and Password Changes - Conduct Service Account Reviews for 400+ accounts yearly to ensure compliance and prevent unauthorized usage.
  • Terminations - Remove application access for terminated employees.
  • Termed employee new POC and assignment - Research new POCs to replace terminated employees (Distribution list, User Access Review POC, Service Account Owner, etc.).
  • ServiceNow CMDB updates (Servers, Interfaces, application pages) - The ServiceNow CMDB (Configuration Management Database) is updated semi-annually to maintain data accuracy and completeness, aiding audit teams in selecting appropriate populations for testing the following SOX controls:

1. Patching (Servers)

2. Backup & Recovery (Servers)

3. Interface Monitoring (Interfaces/Batch Processes/Job Scheduling)

  • Vendor Risk Management – Manage vendors providing critical business services. Coordinate SOC reports and other compliance activities. Build reports to track progress.
  • General IT Controls and Audit Support: Assist in coordinating, testing, improving, and filing results including but not limited to:

o User Access Reviews (UAR)

o User Access Management

o Vendor Risk Management

o ITGC documentation and operating procedures

o SOX 404 Reviews and Testing

o SSAE 18 SOC Internal and External Reviews

o Compliance certifications – including HIPAA/HITRUST, PCI-DSS, CMMC, etc.


Corporate Responsibilities:

Internal Control responsibilities vary by role and are subject to change. Please discuss your individual internal control responsibilities with your immediate supervisor on a regular basis.

· Handle confidential matters and information professionally.

· Conduct business in a professional, competent, and ethical manner.

· Adhere to corporate policies and procedures.


Job Knowledge/Skills:

  • Working knowledge of and strong interest in Governance Risk and Compliance, IT Service/Risk Management, and IT Audit concepts
  • Ability to follow up and work cross-functionally and collaboratively across all business lines to ensure completion of tasks and assignments

· Excellent attention to detail, ability to multi-task, and strong follow-up skills

· Strong customer-focused and results-oriented attitude

· Excellent written and verbal communication skills

· Adept in use of Microsoft Office, Internet, and email; MS Project and Visio are a plus

· Willingness to travel as needed (10-20% travel per month may be required)

· Willingness to perform keyboard intensive work 90% of the time

Education and Experience:

· Bachelor’s degree or equivalent experience.

· 0-2 years of working knowledge in GRC Analysis, Business Continuity, Disaster Recovery, and IT General Controls for a medium-to-large company including processes and tools; experience in a publicly held corporation

· Technical Certifications including ABCP, CBCP, CISA, CISM, CRISC, PMP, COBIT, COSO, ITIL and/or other relevant vendor certifications are a plus

· Working knowledge of Incident Management systems and IT Service Management frameworks is a plus (ServiceNow, Remedy, etc.)

· Working knowledge of ServiceNow; Everbridge and FusionRM software is a plus

· Experience with compliance frameworks is a plus (CMMC, PCI-DSS, HIPAA, SOC1/2, etc.)

Must reside in one of these US States:

  • Alabama
  • Alaska
  • Arizona
  • Arkansas
  • Connecticut
  • Delaware
  • Florida
  • Georgia
  • Hawaii
  • Idaho
  • Illinois
  • Indiana
  • Iowa
  • Kansas
  • Kentucky
  • Louisiana
  • Maine
  • Michigan
  • Minnesota
  • Mississippi
  • Missouri
  • Montana
  • Nebraska
  • New Hampshire
  • New Mexico
  • North Carolina
  • North Dakota
  • Oklahoma
  • Oregon
  • South Carolina
  • South Dakota
  • Tennessee
  • Texas
  • Utah
  • Virginia
  • West Virginia
  • Wisconsin
  • Wyoming