IT Audit Manager

IT Compliance Manager (3 days on site Financial District NYC)

Job Summary:

The IT Compliance Manager is responsible for ensuring that the organization adheres to all relevant legal, regulatory, and internal policy requirements. This role includes significant involvement with the IT security team to ensure that compliance and security measures align and support the overall protection of the organization's data and systems.

Key Responsibilities:

Compliance Management:

• Develop, implement, and maintain compliance policies and procedures in accordance with relevant laws and regulations.
• Conduct regular audits and assessments to ensure compliance.

Coordination with IT Security:

• Coordinate with firm personnel to facilitate cyber risk analysis and risk management processes and identify acceptable risk based on information classification and needed protection.
• Provide support for compliance with ISO 27001 certification, including collection and organization of artifacts with Information Technology Teams.
• Perform periodic security assessments on third-party vendors and ensure that security risks with the potential of causing material harm to the company are properly documented and remediation is tracked.
• Assist in the development and reporting of the Firm Risk Register for executive leadership review.
• Execute the Security Awareness program, including periodic user education and anti-phishing campaigns.
• Work across various business areas to evaluate whether security risks to the company are identified and minimized and acceptable internal controls and procedures are followed.
• Ensure that user access to information assets is provisioned, managed, and terminated as required.
• Maintain documentation of security standards, procedures, processes, and guidelines

Policy and Procedure Management:

• Coordinate the writing, review, and finalization of company policies, standards, procedures, and guidelines.

Audit Support:

• Work on external client audits to provide evidence artifacts and other supportive documentation as applicable.

Collaboration:

• Collaborate with technical teams (e.g., HR, IT, Applications, and Desktop Support) during the strategic planning and implementation of new business initiatives.

Qualifications:

• Bachelor’s degree from an accredited university in CS, IT, CIS, or equivalent work experience.
• GIAC, CEH, CompTIA Security +, IAPP GDPR, CompTIA CySA+, or DGSP certification a plus.
• Experience in understanding and implementing ISO 27001 controls preferred.
• Experience with host and network security technologies such as firewalls, proxies, and operating systems.
• Experience with Microsoft Active Directory and AD auditing tools.
• Knowledge of application and network security.
• Experience communicating conceptual and technical information.
• Experience translating technical data into business impact information.
• Ability to manage timelines and meet tight deadlines.
• Detail-oriented with excellent oral and written communication skills.
• Ability to manage and prioritize multiple tasks.
• Excellent interpersonal skills needed to work with various levels of technical and managerial staff members.
• Self-motivated, constructive, and positive attitude.
• Strong analytical and problem-solving skills.
• Ability to present data in a consistent and clear manner.

Salary range: $130,000-$160,000 base depending on experience

The Phoenix Group Advisors is an equal opportunity employer. We are committed to creating a diverse and inclusive workplace and prohibit discrimination and harassment of any kind based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. We strive to attract talented individuals from all backgrounds and provide equal employment opportunities to all employees and applicants for employment.