IT Risk and Compliance Manager

ABM Industries

Pay: $105,000 – $150,000

The pay listed is the salary range for this position. Any specific offer will vary based on the successful applicant’s education, experience, skills, abilities, geographic location, and alignment with market data.

You may be eligible to participate in a Company incentive or bonus program.

Benefit Information:

ABM offers a comprehensive benefits package. For information about ABM’s benefits, visit:

https://www.abm.com/wp-content/uploads/2023/11/2024-Recruitment-Staff-Mgmt-11.6.23.pdf

Essential Functions:

  • Manage, assign, and prioritize activities of the IT Risk and Compliance teams that are responsible for evaluating security risk and exposure, control design, testing and remediation tracking.
  • Function as the primary point of contact for IT audit coordination, including but not limited to SOX, cyber assessments, ISO 27001, etc.
  • Provide oversight of risk assessment, third-party vendor assessment, and data protection impact assessment processes while partnering with IT procurement and Legal to safeguard the organization against undue risk and drive continuous improvements.
  • Ensure supporting documentation such as IT risk and control matrix (RACM), process narratives, standards and procedures are maintained.
  • Maintain internal assessment toolkits used for testing and validation procedures.
  • Ensure accurate records and reporting of IT Risk and Compliance activities are maintained, such as risk register, audit report findings, and remediation plans.
  • Mature risk management practices, ensuring processes are reviewed regularly and supporting documentation is updated.
  • Collaborate with key stakeholders across the organization to understand their plans, risk posture and tolerance, and how to best support their vision and business obligations with security and risk in mind.
  • Oversee the Exception Management life cycle, including but not limited to ensuring documentation such as procedures are maintained, team members are trained on the process, and improvement opportunities are identified.
  • Collaborate with Information Security leadership, technology teams, legal compliance, and internal audit to drive continuous improvement of IT risk and compliance processes and practices.
  • Develop and report on risk and compliance metrics for leadership.

Required Qualifications:

Education:

  • Bachelor’s degree in Information Technology or Computer Science preferred.

Experience:

  • 3-5 years in IT Risk Management, IT Compliance, and/or Information Security in a regulated industry.
  • Strong understanding of regulatory requirements (e.g., SOX, GDPR, HIPAA, PCI), industry standards (e.g., ISO 27001/2, ITIL, or NIST), and best practices in IT governance and compliance.
  • Familiarity with IT security principles, technologies, and methodologies.
  • Proven experience in conducting risk assessments and developing risk mitigation strategies.
  • Experience with conducting IT audits and auditing tools and techniques.
  • Administration and/or familiarity with network and host configurations, application security, cloud services, third-party risk management and role-based access.
  • Proficiency in compliance management software / GRC tools.
  • Understanding of vulnerability and configuration management, and familiarity with a variety of technologies and applications.
  • Attention to detail and ability to work independently with little supervision.
  • Effective communication and interpersonal skills with the ability to collaborate with stakeholders at all levels of the organization.
  • Excellent analytical, problem-solving, and decision-making skills.
  • Ability to present ideas in business-friendly and user-friendly language.
  • Excellent organizational and time management skills, with the ability to multi-task and prioritize work.
  • Strong level of experience using the MS suite of products.

Preferred Qualifications:

Experience:

  • Prior team leadership experience preferred.
  • Ability to adapt in a fast-paced and dynamic environment with a proactive mindset.

Certifications: Professional certification such as: CRISC, CISSP, CISA, CGEIT, GCCC, GSEC and GISP.
