Posted:
1/29/2025, 4:00:00 PM
Location(s):
Texas, United States ⋅ Dallas, Texas, United States
Experience Level(s):
Senior
Field(s):
IT & Security
1. IT Risk and Control Assessments and Standards
• Lead the identification, documentation, and assessment of IT general controls (ITGCs)
and application controls for critical systems.
• Evaluate the effectiveness of existing controls and recommend enhancements where necessary.
• Perform risk assessments for IT processes and new technology implementations.
• Work closely with cross-functional teams (HR, Finance, Legal, etc.) to help them understand control gaps and integrate control requirements into their processes.
• Assist in completing applicable business impact assessments and risk assessments.
• Assist in driving maturity improvements for the overall cyber security program.
2. Internal Control Testing
• Develop and execute detailed control testing plans, including SOC 2 compliance testing, cybersecurity controls, and other regulatory requirements.
• Document test results, deficiencies, and recommendations for improvement.
• Work with IT and business process owners to remediate identified control gaps.
• Inform the appropriate stakeholders of significant concerns, hazards, or security risks identified through IT control testing or cyber due diligence.
• Work in collaboration with Security and GRC to develop and implement a centralized audit evidence repository and GRC tool.
• Perform IT controls testing for new product certification.
3. Policy and Procedure Development
• Assist in developing security standards, policies, and practices that meet business, regulatory, and client obligations.
• Develop and maintain IT control documentation, including control matrices, narratives, and flowcharts.
• Integrate ongoing changes to laws, regulations, and frameworks as required into daily activities.
• Create and update policies and procedures related to IT risk management and compliance.
4. Collaboration and Communication
• Assist the department in responding to inquiries from business units or external parties about ongoing operational compliance.
• Provide guidance and training to IT and business staff on control expectations and best practices.
• Participate in control-related projects and initiatives, ensuring controls are integrated into IT processes.
• Engage directly with product engineering and other organizational teams on compliance, external audit engagements, and assessments.
• Support vendor due diligence and third-party risk management efforts as an information security subject matter expert.
5. Monitoring and Reporting
• Monitor the ongoing effectiveness of IT controls through periodic reviews and continuous monitoring.
• Prepare control status reports and dashboards for senior management and stakeholders.
• Track and report on remediation efforts and control improvement progress.
Qualifications
Education and Experience
• 5+ years of direct experience in information security or IT controls testing, with a primary emphasis on risk and compliance.
• 3+ years of experience conducting ISO 27001, NIST SP 800-171, and SOC 2 audits, as well as managing audit responses.
• Thorough understanding of the regulatory landscape, including relevant compliance requirements (SOC 2, NIST, FedRAMP, PCI DSS, GDPR, etc.).
Technical Skills
• Strong knowledge of IT general controls (ITGC), application controls, and cybersecurity frameworks.
• Experience with frameworks such as COSO, COBIT, NIST, and ISO 27001.
• Familiarity with SOX compliance, PCI DSS, and other regulatory requirements.
Soft Skills
• Strong analytical, problem-solving, and decision-making skills.
• Excellent communication and collaboration skills.
• Ability to manage multiple projects and meet deadlines.
Preferred Certifications
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
Website: https://mamassets.com/
Headquarter Location: Houston, Texas, United States
Employee Count: 51-100
Year Founded: 2018
IPO Status: Private
Industries: Asset Management ⋅ Financial Services ⋅ Wealth Management