As an employee, you Turn Change Into Value® - for our clients, for our company, for your professional growth, for the consumers. We hire the best and brightest, who are driven to create lasting value. At xScion, you aren't just another team member, you're impactful. You're empowered. You're driven. You're an xScioneer.
Location: United States (Remote)
This position will contribute to monitoring and maintaining a strong internal controls environment and strive toward continuous improvement. Additionally, this position will assist with developing, maintaining, enhancing, and executing our GRC program, including identifying, assessing, and mitigating potential cyber security risks. This position is a team-oriented leadership role responsible for collaborating on auditing IT general controls, application security, and process controls on various IT projects, including digital transformation.
This position will report to the Chief Information Security Officer. The role will interact with IT management/leadership/staff and other divisions/offices leadership/staff.
As a Senior Cyber Risk and Controls Consultant, You Will:
- Contribute to creating a strong internal control environment
- Leverage expert IT audit knowledge to assess relevance of gaps in current processes/controls and potential exposures/impact to the organization overall
- Provide technical expertise to evaluate the design of internal control activities, optimizing and updating key controls, controls testing, and ensuring control documentation reflects a high level of quality
- Develop, enhance, and operationalize enterprise-level policies, processes, and controls to mitigate risk.
- Drive compliance with applicable laws and regulations.
- Perform activities to monitor and assess governance processes, cyber risk, and compliance controls on an ongoing basis.
- Work closely with the operational departments to develop and monitor cybersecurity metrics
- Collaborate with key stakeholders to review projects, business critical systems, and related data to advise on risk treatment.
- Coordinate, conduct, and act as primary contact for all internal and external audits (cyber security & compliance).
- Identify, track, monitor, and report on SOX IT General Controls and other compliance requirements.
- Provide improvement recommendations to stakeholders as appropriate.
- Design and implement an enterprise cyber risk governance framework, processes and stakeholder engagement strategy tailored to our organization's specific needs and requirements.
- Operationalize cyber risk governance to ensure seamless integration into daily operations and decision-making processes.
- Influence stakeholder adoption of cyber risk management standards.
- Develop and implement performance metrics to measure the effectiveness of cyber risk governance activities
- Educate employees on risk management principles, processes, and their responsibilities; foster a cyber risk-aware culture within the organization by promoting awareness and understanding of cyber risk management across all levels.
- Drive continuous improvement initiatives to enhance the efficiency and effectiveness of cyber risk governance processes.
- Conduct comprehensive cyber risk assessments of information systems, applications, 3rd parties and processes to identify potential vulnerabilities, threats, and impacts
- Analyze and prioritize cyber risks based on their potential impact on the organization’s operations, data, and reputation
- Keep abreast of industry trends, regulatory developments, and emerging technologies to innovate and evolve our cyber risk governance capabilities.
- Oversee the creation of a cyber risk register and cyber risk reports to facilitate risk reduction.
- Collaborate with cross-functional governance teams/risk management owners to ensure mitigation implementation strategies are appropriately established and accountability holders are held responsible.
- Establish and implement best practices for incorporating cybersecurity policy, identifying cyber risk ownership, or incorporating contractual language as needed into our portfolio of projects and/or contracts.
- Draft high-quality, concise and accurate project summaries or communication materials, including formal memos
- Special projects and other duties as required.
To Be Successful, You Need:
- Bachelor’s degree in IT/Technology, Accounting, or Business-related legal field.
- Current certification in one or more of the following: CISSP, CISA, CISM, CRISC, CCAK, or CCSP
- 12 years of experience in IT General Controls, Cyber Risk Management, and Cyber Security Governance with experience assessing IT controls and process improvement
- Big 4 and public accounting firm experience.
- 10+ years of recent experience in external audit or IT audit in the areas of IT general controls, SDLC, and process controls exhibiting progressive responsibility
- Must have experience with assessment and testing of IT general controls and IT control testing of applications, databases, and end user computing schedules.
- Strong background in all cyber security control areas, e.g., cloud, network, data, operating system, API, and identity management security.
Preferred:
- Experience initiating and/or managing programs or projects in an ambiguous environment
- The ability to balance business interests with the need for compliance standards.
- Expertise in compliance standards, e.g., SOX, ISO 27001, SOC1/2, SSAE 16, NIST CSF and GDPR.
- Strong understanding and experience in enabling GRC solutions and common control framework for data regulations.
- Excellent process improvement skills.
- Ability to work independently in a fast-paced environment and handle multiple complex & confidential tasks.
- Excellent communication, interpersonal skills and attention to details & deadlines.
- Experience with GRC tools such as ServiceNow, Riskonnect, OneTrust, AuditBoard, ZenGRC, Diligent, etc.
- Experience establishing cybersecurity governance processes
Why xScion?
- We have an amazing culture– We were named a Best Places to Work in Virginia 7 times, including 2023.
- We are poised for rapid growth– We are on the cutting edge of digital transformation in Financial Services, Healthcare, Nonprofit and Public Sector and continuously welcome new clients to the xScion family.
- We believe in your continuous development– We invest in our teams’ development, including our Communities of Practice, technology partnerships, sandbox and paying for certifications and trainings to improve their skills because we are committed to collectively being the best at what we do.
- We want you to make an impact in whatever you do– Our people are given the opportunity to provide impactful change to our clients and team.
- We believe in equality - As a woman-owned organization, we believe in an inclusive and diverse culture where everyone’s uniqueness makes us stronger.
- Great Benefits: Medical, dental, 401(k) match, flexible spending and more, but we also have unique perks such as up to 27 days off a year (including your birthday!), remote work opportunities, parental leave, wellness benefits and many other things that inspire balance and flexibility.
We’re Transforming RegTech Organizations:
At xScion, we Turn Change Into Value. We help clients in highly regulated industries start or accelerate their digital transformation initiatives by shifting their mindset and goals into smaller, actionable steps that create lasting value. With more than 20 years of experience supporting Regulatory Technology (RegTech), xScion provides both domain experts and tailored solutions to help organizations navigate complex compliance and technology requirements. We specialize in Business Agility, Cloud Transformation and Organizational Change Management solutions for clients in Financial Services, Public Sector, Nonprofits and Healthcare. Our experts help prepare and create change to clients’ processes, technology and culture in order to improve operational efficiencies and the customer experience. As a certified Woman-Owned Small Business, we are proud to be the most trusted solutions partner that business and technology leaders count on to deliver lasting, impactful value.
All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or protected veteran status. xScion takes affirmative action in support of its policy to employ and advance in employment individuals who are minorities, women, protected veterans and individuals with disabilities.
You will be added to our talent community when you apply to this job. You may opt out at any time.
Want to Learn More about xScion?
Check us out on www.xscion.com or socially at LinkedIn, Twitter and Glassdoor.