Manager IT Compliance

Our employees are our company's greatest asset - they are our real competitive advantage. We possesse immense power of innovation, immagination and a desire to attract and retain the best; provide them with encouragement, stimulus, and make them feel that they are an integral part of the company's mission.

Experience: At least 6-10 years of experience in IT Governance, Risk or Compliance Role.

Job Responsibilities

• Develop, implement, and maintain an effective IT Governance, Risk, and Compliance (GRC) framework aligned with industry best practices (e.g., COBIT, ISO 27001, NIST).
• Ensure the framework addresses all key areas of IT risk, including but not limited to: cybersecurity, data privacy, business continuity, and compliance with relevant regulations.
• Conduct thorough and ongoing risk assessments, including:
• Risk identification and analysis
• Risk evaluation and prioritization
• Development and implementation of effective risk mitigation strategies and controls.
• Monitor and evaluate the effectiveness of existing Risk controls and make necessary adjustments.
• Work closely with business units and IT teams to identify and address emerging risks.
• Develop and maintain a comprehensive IT compliance program that ensures adherence to all relevant laws, regulations, and internal policies.
• Conduct regular compliance audits and assessments to identify and address any gaps or deficiencies.
• Monitor and report on the status of compliance initiatives to senior management.
• Oversee the incident response process, including:
• Timely identification and logging of security incidents.
• Investigation and analysis of security incidents.
• Coordination of incident response activities across relevant teams.
• Implementation of corrective and preventive actions.
• Conduct regular reviews of incident response procedures and make necessary improvements.
• Collaborate with internal and external auditors to ensure compliance with relevant standards and regulations.
• Prepare for and participate in audits, including data collection, evidence gathering, and remediation of audit findings.
• Follow up on audit findings and ensure timely and effective resolution of issues.
• Ensure that all IT changes are properly assessed, approved, and implemented in accordance with established change management procedures.
• Monitor and review the effectiveness of the change management process and make necessary improvements.
• Communicate IT risk and compliance information effectively to senior management, stakeholders, and other relevant parties.
• Prepare and deliver regular reports on the status of GRC initiatives, including key metrics and performance indicators.
• Raise awareness of IT Governance, risks and compliance requirements across the organization through training and other communication channels.
• Continuously evaluate and improve the effectiveness of the GRC framework and related processes.
  
  

Qualification And Experience

• Bachelors / master’s degree in computer science or related field.
• At least 6-10 years of Experience, preferably in IT Governance, Risk or Compliance
• Must have Certifications of ISO 27001 and CRISC. Other relevant certifications may include CISM or CISP or CISA is a plus.
• Knowledge of COBIT framework and its application to risk management is desirable.
  
  

KE provides equal employment opportunity (EEO) to all persons regardless of age, color, origin, physical or mental disability, race, religion, creed, gender, marital status, status with regard to public assistance or any other characteristic protected by federal, state or local laws.