IT Security Manager

IT Security Manager Primary Purpose of the Role To manage and advance the IT security, risk and audit compliance program including planning, scheduling, coordinating, reviewing and reporting of the work of the department; to supervise, coach and train staff; to develop procedures and audit programs and policies; to represent Sedgwick IT to clients, carriers and external stakeholders; and to assist IT management on projects as needed. Responsibilities Perform advanced, specialized and/or managerial IT compliance work in the areas of regulatory compliance, data security and protection, risk assessment and risk mitigation; manage complex audits both internally and externally including third‑party vendor audits and client‑initiated IT audits; perform critical project‑management duties in the planning, scheduling, coordinating, reviewing and reporting of the work of IT compliance teams; and provide expertise in IT compliance standards and performance criteria, data security requirements and information technology skills. Develop and maintain productive internal and external stakeholder relationships; communicate with company management, clients, carriers, vendors and other stakeholders as needed during IT compliance activities. Directly interact with clients, carriers and other external stakeholders in critical or sensitive communications regarding IT compliance and security. Respond to client, carrier and legal counsel inquiries regarding IT compliance and security matters. Responsible for teaching, training and coaching staff and for creating appropriate awareness programs within IT and the enterprise. Develop procedures, schedules, priorities and programs for achieving IT compliance objectives and goals; recommend and execute new policies at department and enterprise levels. Prepare audit and compliance reports, analysis and recommendations using advanced writing skills. Assess risk factors to identify high‑risk areas within IT; develop risk remediation plans and manage related projects to completion. Identify and communicate changes in professional and industry standards, laws, guidelines and audit requirements to department and enterprise personnel. Consult with and advise administrators, management and staff on various operational control issues related to computerized information systems; attend and/or conduct internal and external meetings; and lead recruitment and hiring of IT audit, compliance and security colleagues. Attend, present and/or participate in continuing professional education classes and training courses. Follow up on audit findings to ensure that management has taken corrective action(s). Assist and train other audit staff in the use of computerized audit techniques and in developing methods for review and analysis of computerized information systems. Maintain a broad knowledge of state‑of‑the‑art technology, equipment, and/or systems. Conduct or supervise IT operational, compliance, financial and investigative audits as required. Manage IT compliance budget; recommend and manage commitment of IT budget funds where appropriate for compliance and risk‑management purposes. Additional Functions and Responsibilities Perform other duties as assigned. Support the organization's quality program(s). Travel as required. Administrative Responsibilities Administer company personnel policies in all areas and follow company staffing standards and training recommendations. Interview, hire and establish colleague performance development plans; conduct colleague performance discussions. Provide support, guidance, leadership and motivation to promote maximum performance. Qualifications Bachelor's degree from an accredited college or university required. MBA or relevant Master’s degree with a major in accounting or information technology field strongly preferred. At least two of the following credentials required (additional credentials are preferred): Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Information System Security Professional (CISSP), or Certified Information Systems Auditor (CISA) designation. Ten (10) years of information technology, accounting or closely related industry experience, or an equivalent combination of education and experience, is required. This should include four (4) years of project‑management and/or supervisory experience in a team environment. Excellent understanding of internal control and data security concepts and their applications. Excellent knowledge of IT compliance frameworks (i.e. SSAE 16 and ISO 2700x frameworks at minimum). Excellent knowledge of IT risk management, risk mitigation, data protection and security, and investigation procedures. Solid knowledge of Sarbanes‑Oxley Act provisions and methodologies for achieving compliance. Excellent oral and written communication, including presentation skills. PC literate, including Microsoft Office products. Creative and analytical approach to problem solving. Excellent detail orientation, time management skills and organization skills. Excellent interpersonal skills and ability to work with various levels within the organization. Ability to maintain confidential information in a professional manner. Ability to maintain professional demeanor in times of high stress. Ability to manage multiple projects and set priorities. Ability to work in a team environment and independently. Ability to meet or exceed performance competencies. Work Environment Requirements Physical: Computer keyboarding Auditory/visual: Hearing, vision and talking Mental: Clear and conceptual thinking ability; excellent judgement and discretion; ability to meet deadlines Sedgwick is an Equal Opportunity Employer and a Drug‑Free Workplace. #J-18808-Ljbffr Hispanic Alliance for Career Enhancement