IT SOX department
Reports to Sr. Manager - IT Compliance
The Senior IT Contract Specialist role provides support within the IT Compliance function to efficiently and effectively review and negotiate customer contracts, particularly those dealing with IT-related requirements such as controls, cybersecurity, risk assessments and audits. This position requires an understanding of IT risk, controls and frameworks in order to perform contract redlining and to suggest updates to contract language. Areas of required knowledge include risk assessments, IT policies/procedures, security technologies, logical access controls, operating systems and databases, backup and recovery procedures, change controls, encryption, network/firewall concepts, confidential information handling and general knowledge of regulatory requirements such as ISO, COBIT, NIST and NERC CIP. The position will handle agreements sourced globally (mostly US & Canada) and will work closely with Legal and business stakeholders as the Compliance representative to ensure that capabilities are in place to comply, coordinate responses from the relevant teams and suggest compensating measures.
ESSENTIAL / NON-ESSENTIAL JOB FUNCTIONS
- Evaluates and assists Legal with negotiating / redlining contracts from a cybersecurity and IT audit perspective.
- Provides contract-related issue resolution, both internally and externally.
- Receives, reviews, tracks and provides reporting on contract review requests from Operating Units throughout the company.
- Communicates contract-related information and status updates to all stakeholders.
- Interacts with key business stakeholders and customers to discuss contractual requirements and provides general advice.
- Maintains and updates all contract templates.
- Works with team members and Legal personnel to identify areas of improvement in the contract process and implements necessary changes.
- Takes responsibility for contract negotiation, administration and management.
- Ability to understand technology and associated controls and audit requirements to identify issues.
- Responsible for the monitoring of overall adherence to the contractual requirements through regularly scheduled reviews of in-scope technical areas.
- Works with IT to close issues through oversight and review of remediation plans and accompanying evidence.
- Engages with IT control owners, including management, to review audit testing results and influence decisions.
- Reviews and provides guidance from a compliance perspective across areas such as application controls, logical access controls, operating systems and databases, backup and recovery procedures, change controls, pre- and post-deployment assessments, perimeter security, network/application architecture and selected configuration management controls on technical platforms such as VPNs, VMware, Windows Server 20XX, AIX/UNIX, Linux and Cisco firewalls.
- Adheres to internal standards, policies and procedures.
- Performs other duties as assigned.
EDUCATION AND EXPERIENCE REQUIREMENTS
Required Education and Experience:
- 4-year degree in MIS, Information Systems, Computer Science, Engineering or Accounting; MS or MBA preferred.
- 7 – 10 years’ experience in IT Contract Reviews, IT Compliance, IT Audit, IT Security or IT related field.
Preferred Education and Experience:
- Exposure to two or more of the following areas:
  - Performing contract reviews for IT/Cyber/Security requirements
  - IT audits
  - Regulatory compliance
  - Developing policies and procedures
  - Designing and implementing framework controls
  - Risk assessments
  - Risk questionnaires
LICENSES / CERTIFICATIONS
CISA, CIA, CPA, CISM, CISSP, MCP, MCSE, CCNA or applicable certification; at least 1 certification required.
Supervises others: No
Has hiring and terminating responsibilities: No
Number of employees report to this job: None
Percent of time: 15% - 25%
KNOWLEDGE / SKILLS / ABILITIES
Language Skills: English; Spanish language skills beneficial
Mathematical Skills: Advanced
Reasoning Skills/Abilities: Advanced
- Expertise in reviewing, drafting and negotiating contractual terms.
- Demonstrated analytical, technical and problem-solving skills.
- Awareness and ability to apply sound business judgment to provide pragmatic solutions.
- Solid understanding of technical aspects of InfoSec and general knowledge of InfoSec tools.
- Knowledge of security best practices and remediation techniques and systems.
- General knowledge of security and regulatory frameworks - NERC/CIP, ISO 27001, COBIT, NIST 800-53, etc.
- Stays up-to-date on changes to technology, internal policy and standards, and relevant regulatory programs and evaluates potential impacts on the risk and controls.
- General knowledge of cybersecurity aspects – encryption, access control systems, business continuity, physical security and security architecture.
- An in-depth understanding of IT audit methodologies, concepts, tools and objectives.
- Self-starter who is able to work independently while supporting the needs of the team.
- Excellent oral and written communication skills.
- Strong decision-making skills.
- Ability to quickly learn and comprehend new and unfamiliar technical, industry and legal terminology.
- Comfortable interacting with all levels of management.
- Ability to handle multiple tasks simultaneously without sacrificing quality or service; thrive in a fast-paced, dynamic environment while managing shifting priorities.