Audit / Risk / Compliance Manager
Position summary:
The Risk, Audit, and Compliance Manager (IT Infrastructure and Operations) will focus on coordinating and managing the resolution of audit findings, risk mitigation actions, and compliance requirements within the IT Infrastructure and Operations department. This role involves establishing and maintaining a governance framework and processes to ensure timely and effective resolution of audit findings and continuous compliance with relevant standards and regulations. The role is strategic and operational, requiring a proactive approach to collaborating with internal teams to drive adherence to policies and regulatory requirements.
Responsibilities:
· Governance Framework Development:
- Design and implement a governance framework specific to IT Infrastructure and Operations to track, manage, and resolve audit findings, risks, and compliance issues.
- Develop policies, procedures, and best practices for managing risk, audit, and compliance activities within the department.
- Ensure alignment of IT Infrastructure and Operations governance practices with overall corporate governance policies and regulatory requirements.
· Audit Findings Management:
- Coordinate with IT teams to ensure timely resolution of internal and external audit findings related to infrastructure and operations.
- Maintain a centralized database or tool to track all audit findings, action plans, deadlines, and statuses.
- Act as the primary liaison between the IT Infrastructure and Operations department and internal/external auditors, ensuring clear communication and follow-up on outstanding audit issues.
· Risk Mitigation Coordination:
- Identify and prioritize risks in collaboration with IT teams, focusing on those that impact infrastructure and operations.
- Work with IT stakeholders to develop, implement, and monitor risk mitigation plans.
- Regularly review and update the risk register, ensuring that risk owners are accountable for mitigation activities.
· Compliance Monitoring and Facilitation:
- Ensure IT Infrastructure and Operations activities comply with relevant regulations, standards, and internal policies (e.g., GDPR, ISO 27001).
- Collaborate with compliance and legal teams to understand regulatory changes and communicate these requirements to IT teams.
- Develop and maintain a compliance dashboard that provides real-time visibility into compliance status across IT infrastructure and operations.
· Stakeholder Engagement and Communication:
- Engage with IT leadership and other stakeholders to provide updates on the status of audit findings, risk mitigation efforts, and compliance activities.
- Facilitate regular meetings and working sessions with IT teams to discuss progress on action items and identify any obstacles to resolution.
- Prepare and present reports for senior management on audit findings, risk status, and compliance matters.
· Process Improvement and Best Practices:
- Identify opportunities for process improvements within the IT Infrastructure and Operations department to enhance risk management, audit resolution, and compliance.
- Develop and implement standard operating procedures (SOPs) to streamline the handling of audit findings and risk mitigation activities.
- Promote a culture of proactive risk management and compliance awareness within the IT Infrastructure and Operations teams.
· Training and Awareness:
- Develop and deliver training and awareness programs to educate IT Infrastructure and Operations staff on governance processes, risk management, and compliance requirements.
- Ensure that all team members understand their roles and responsibilities regarding risk, audit findings, and compliance.
Qualifications:
- Bachelor’s degree in Information Technology, Cybersecurity, Business Administration, or a related field.
- A Master’s degree or relevant certifications (such as CRISC, CISA, CISSP, or ITIL) is a plus.
- 5-7 years of experience in IT risk management, audit coordination, or compliance, with a focus on IT infrastructure and operations.
- Strong understanding of IT infrastructure (networks, servers, storage, cloud services) and related compliance requirements.
- Excellent coordination and project management skills, with experience in managing multiple priorities.
- Strong analytical and problem-solving skills with a focus on identifying and managing risks.
- Effective communication and interpersonal skills for engaging with both technical and non-technical stakeholders.
- Familiarity with compliance and regulatory frameworks (e.g., NIST, COBIT, ISO 27001) related to IT infrastructure.
- Proficiency in using tools and platforms for audit management, risk tracking, and compliance monitoring.
- Experience in coordinating the resolution of audit findings and risk mitigation plans within IT environments.
- Background in managing compliance activities specific to IT infrastructure and operations is a plus.
- Familiarity with internal control frameworks and governance models for IT departments.