Under the direction of management, the incumbent coordinates and performs PPS security assessment functions and control testing reporting and activities in accordance with PPS Internal Controls compliance, regulatory and departmental policy and procedures. The IT GRC Specialist updates and maintains control matrices, collects and evaluates control evidence, develops and maintains reports and provides GRC recommendations for managements consideration. This position ensures compliance with PPS internal controls, regulatory and information security policies and procedures. The incumbent works with internal audit, external audit firms, and regulatory agencies to provide supportive documentation as applicable. The IT GRC Specialist takes a lead role in ensuring the security of all protected information collected, used, maintained, or released by PPS.
, Requirements,
Education
- A Bachelors degree in information technology/systems, auditing, computer science, computer/electronic engineering or related field with at least 5 years information technology experience, of which 3 years must be in IT GRC;
- Developing and implementing enterprise governance, risk, and compliance strategy and solutions;
- Developing, testing and reporting on IT Controls
- Maintaining and supporting IT Governance control framework
- ITGC, SOX/MICS experience
- Security project management and planning;
- Defining problems, collecting and analysing data, establishing facts and drawing valid conclusions;
- Using judgment and ingenuity in maintaining objectives and technical standards;
- Applicable information security management, governance, and compliance principles, practices, laws, rules and regulations;
- Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols;
- Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration;
- Information systems auditing, monitoring, controlling, and assessment process;
- Incident response management;
- Risk assessment and management methodology.
- Implements security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances PPS business objectives.
- Evaluates risks and develops security standards, procedures, and controls to manage risks. Improves PPS security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence artifacts.
- Defines and documents business process responsibilities and ownership of the controls in GRC tool. Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
- Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data, and Payment Card Industry Data Security Standards (PCI DSS).
- Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
- Assists other staff in the management and oversight of security program functions.
- Trains, guides, and acts as a resource on security assessment functions to other departments within the PPS.
- Remains current on best practices and technological advancements and acts as the PPS technical resource for security assessment and regulatory compliance.
