ICT Compliance Team Lead 9/15/2016
JOB DESCRIPTIONAPPLY Position Summary: The Information Technology ( IT ) Compliance Team Lead plays a consultative role within the Information and Communications Technology ( ICT ) organization to ensure applications and systems stay compliant with Crawford s IT policies and standards. The IT Compliance Team Lead will plan and execute IT control improvement/development projects, and facilitate and provide project direction related to IT operations and security process improvements that may include policy development, risk assessment, process documentation, compliance monitoring, vulnerability remediation tracking, project management, and execution.
* Exemplifies a strong subject matter expertise of IT audit areas, including risk assessment and identification of effective IT controls.
* Assists with the development, implementation and management of certification and compliance of the ICT Division s compliance with IT General Controls (ITGCs), and other laws and regulations governing the Company.
* Identifies and leads compliance testing, controls assessment and documentation across all domains for ITGCs, PCI-DSS, Data Privacy, HIPAA and other compliance requirements, as applicable.
* Begins to lead the efforts with the ICT Security, Infrastructure and Application teams to evaluate the design and effectiveness of the IT control environment and to develop and track the status of remediation efforts.
* Facilitates and coordinates with internal and external IT auditors.
* Works with ICT, Internal Audit, Legal and HR management teams as required, including assisting with overseeing annual external ITGC audits, external client audits, and other audits as required.
* Prepares accurate, timely communications to ICT Leadership and impacted management to discuss identified deficiencies, leading practices and recommendations for implementation of modifications to improve compliance and mitigate risk.
* Reviews testing and analyses performed, monitors evidence gathering for IT control reviews, evaluates results, and confirms conclusions about the adequacy of IT controls. Reviews the work performed and conclusions according to departmental standards.
* Confirms the preliminary results of IT control assessments and conclusions made by the auditor or based on the evidence provided and confirms the facts of the findings. Identifies solution options with the ICT Compliance Manager for discussion with Company management.
* Assists ICT leadership in responding to internal and external queries regarding the IT control environment.
* Assists in supervising, coaching, training and monitoring ICT Compliance staff. Reviews the work of staff for sufficiency of scope, accuracy and completeness.
* Identifies and generates ideas for improvement in the department s procedures and work processes, including new and more efficient applications of technology in completing work.
* Performs other job responsibilities and duties as assigned by Management.
Upholds the Crawford Code of Conduct.
* Bachelor s degree in information systems, computer science, accounting or a business-related field.
* Four or more years of experience performing IT control assessments or related IT compliance experience.
* Certification(s) as a Certified Information Systems Auditor ( CISA ), Certified Public Accountant ( CPA ), Certified Internal Auditor ( CIA ), or Certified Fraud Examiner ( CFE ) or other relevant certification
* Experience performing IT control assessments over one or more of the following technical areas: Mainframe, UNIX, Windows, SQL Server, Oracle DB, or a major ERP
* Experience supervising IT control reviews and familiarity with security, vulnerability, penetration tests, or assessments and evaluations.
* General working knowledge of IT processes, risks, and controls in the computer operations, system development, change control, and security functions.
* Familiarity with information technology frameworks, guidelines, and standards such as COSO, COBiT, ISO 27001/27002, etc.
* Knowledge and experience with Sarbanes-Oxley ( SOX ) and risk-assessment practices, and identifying and testing IT General Controls ( ITGCs ) in a variety of technical environments, including mainframe, Unix, Windows, Oracle databases, SQL databases, etc.
* Ability to interpret and clearly document IT threats, risks and impacts to all levels of the organization.
* Ability to travel.
* Knowledge of regulations, policy, standards, procedures or other requirements which requires IT compliance. (e.g. PCI-DSS, Data Privacy, HIPAA) Experience.
* Experience using automating audit/assessment tools.
* Experience performing IT control assessments over one or more of the following technical areas: Mainframe, UNIX, Windows, SQL Server, Oracle DB, or a major ERP application (e.g. PeopleSoft or Lawson).
* Experience working with SharePoint.
Based in Atlanta, Ga., Crawford & Company (www.crawfordandcompany.com) is one of the world's largest independent providers of claims management solutions to the risk management and insurance industry as well as self-insured entities, with an expansive global network serving clients in more than 70 countries. The Crawford Solution offers comprehensive, integrated claims services, business process outsourcing and consulting services for major product lines including property and casualty claims management, workers compensation claims and medical management, and legal settlement administration. The Company s shares are traded on the NYSE under the symbols CRD-A and CRD-B.
In addition to a competitive salary, Crawford offers you:
* Career advancement potential locally, nationally and internationally. Crawford & Company has more than 700 locations in 70 countries
* On-going training opportunities through every stage of your career
*Strong benefits package including matching 401k; health, dental, and life insurance; employee stock purchase plans; tuition reimbursement and so much more.
Crawford & Company participates in E-Verify and is an Equal Opportunity Employer. M/F/D/V
Crawford & Company is not accepting unsolicited assistance from search firms for this employment opportunity. All resumes submitted by search firms to any employee at Crawford via-email, the Internet or in any form and/or method without a valid written Statement of Work in place for this position from Crawford HR/Recruitment will be deemed the sole property of Crawford. No fee will be paid in the event the candidate is hired by Crawford as a result of the referral or through other means.