This job has expired

Director - IT Risk & Compliance

Employer
Crawford & Company
Location
Norcross, Georgia
Salary
Not Specified
Closing date
Sep 15, 2019

Job Details

Excellence In Everything We Touch

CRAW - iCIMS - IT

Position Summary

The Director - Information Technology (“IT”) Risk & Compliance plays a leadership role within the Global IT Security organization for the global IT governance, risk and compliance (GRC) function. The Director - IT Risk & Compliance reports directly to the CISO/SVP Global IT Security and is a critical position within the organization. This individual will be directly responsible for creating, maintaining and improving information security and data protection policies, standards, procedures and internal controls designed to address risks specific to the organization and support compliance with security frameworks and applicable regulatory and contractual requirements. The Director – IT Risk & Compliance will provide guidance on how information security and data protection risks are identified, assessed, managed and mitigated throughout the organization, including responding to client security assessment requests and playing a key role in the organization’s third-party risk management program. This individual will work in close collaboration with all business groups including, but not limited to, Finance, Legal, Human Resources, Internal Audit, business operations and other stakeholders globally to implement new solutions and processes as well as document and remediate outstanding issues. In addition this individual will drive the security awareness program, including preparing security communications and conducting mock phishing tests.

Responsibilities

  • Develop, communicate and manage information security policies, standards, controls and practices supporting information security frameworks (e.g., NIST Cybersecurity Framework, ISO) and regulatory/compliance requirements (e.g., SOX, SSAE 16, GDPR, PCI-DSS, NYDFS, HIPAA).
  • Design and implement an overall IT risk management framework for the organization, including conducting risk assessments, documenting, evaluating and tracking status of risks and risk treatment plans (remediation or risk acceptance), and producing and communicating a risk register to key stakeholders.
  • Identify, document and evaluate the effectiveness of controls aligned with security frameworks and regulatory/compliance requirements. Facilitate and coordinate work by external consultants performing annual maturity assessment against the NIST Cybersecurity Framework. Analyze and provide recommendations for improving maturity of the security program by addressing control gaps and streamlining existing controls.
  • Participate as a key member representing security in the organization’s third party risk management (TPRM) program. Evaluate and enhance third party security assessment methodology and processes. Coordinate and review results of third party security assessments, providing feedback on results to the TPRM team and business representatives responsible for the third party relationship.
  • Coordinate and facilitate responses to client security inquiries and assessments, representing the organization in security-focused discussions with client representatives. Working with Legal, identify, review and assess client contractual security requirements.
  • Coordinate the IT component of internal and external audits, acting as the subject matter expert on IT control activities, preparing control narratives, coordinating with control owners, and gathering and reviewing requested audit evidence. Where required, assist in developing, executing and tracking mitigation and remediation plans for control deficiencies.
  • Conduct security awareness campaigns and mock phishing test exercises to educate employees on the importance of security and IT controls to achieve compliance with company policy or regulatory requirements and reduce risk.
  • Develop and manage departmental budget.
  • Develop and manage a team of IT governance, risk & compliance staff capable of executing IT risk assessments and regulatory and compliance reviews.
  • Perform other job responsibilities and duties as assigned by Management.
Requirements

  • Bachelor’s degree in information systems, computer science, accounting or a business-related field is required. Advanced degree is desired.
  • Eight to ten years of IT risk management, IT auditing or related experience.
  • May require travel, including international travel.
  • Industry security certifications, such as Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA).
  • Solid understanding of IT processes and related risks and controls, particularly in a global public company with a complex multi-business, multi-platform IT environment.
  • Solid understanding of security frameworks, such as the NIST Cybersecurity Framework and ISO 27001 and 27002, and security requirements of regulations such as Sarbanes-Oxley, GDPR, PCI-DSS, NYDFS, HIPAA, etc.
  • Experience identifying and assessing internal controls over financial reporting, including extensive knowledge of IT general controls and automated business process controls.
  • Experience implementing and executing IT risk management methodologies and processes.
  • Highly developed organization, communication, project management, and presentation skills.
  • Excellent verbal and written communication skills plus effective interpersonal skills.
  • Ability to articulate risks and recommended remediation/mitigation actions.
  • Demonstrated ability to effectively communicate technical topics to a non-technical audience, including senior-level executives and clients.
  • Ability to successfully interact with and influence IT staff to quickly and successfully address IT audit findings and control gaps.
  • Excellent time management and organizational change management skills to manage multiple, conflicting high-priority requests within tight deadlines.
  • Strong leadership and influencing skills that include communication, negotiation and problem solving.
  • Prior supervisory or people management experience.
  • Experience managing a global team located in various locations and time zones.
  • Ability to create and manage a budget and global resourcing plan.
About Us

People taking care of people. It’s that simple. At Crawford & Company, we treat our clients’ policyholders like our own, helping to restore and enhance lives, businesses and communities at all points of the claims management process. Combining a legacy of nearly 80 years of unmatched experience with global capabilities and industry-leading technology, Crawford is at the forefront of change, while also staying firmly rooted to our commitment to putting people first.

We are guided by our collective value system: RESTORE.

At Crawford, we:

  • Respect our culture of integrity and ethical behavior, while embracing the unique talents of the individual and encouraging an ownership mentality among everyone.
  • Are Empowered to advance the company mission and take ownership of our individual career progression.
  • Promote Sustainability through a corporate culture in which employees are good stewards of their communities.
  • Emphasize Training and an environment where employees continually seek and share knowledge and are engaged and satisfied with their work.
  • Are One Crawford, embracing a global mindset that’s inclusive, agile, mission-focused, and customer-focused.
  • Give Recognition, participating in an environment where people are rewarded for jobs well done.
  • Embody an Entrepreneurial Spirit, sharing a passion to succeed, innovate, and outpace our competitors.

We believe in leading by example – at work and in our communities. We hail from more than 70 countries and speak dozens of languages, reflecting the global fabric of the audience we serve. Though our reach is vast, we proudly operate as One Crawford: united in mission, vision and values. Learn more at www.crawfordandcompany.com.

In addition to a competitive salary, Crawford offers you:

  • Career advancement potential locally, nationally and internationally. Crawford & Company has more than 700 locations in 70 countries.
  • On-going training opportunities through every stage of your career.
  • Strong benefits package including matching 401k; health, dental, and life insurance; employee stock purchase plans; tuition reimbursement and so much more.

Crawford & Company participates in E-Verify and is an Equal Opportunity Employer. M/F/D/V

Crawford & Company is not accepting unsolicited assistance from search firms for this employment opportunity. All resumes submitted by search firms to any employee at Crawford via e-mail, the Internet or in any form and/or method without a valid written Statement of Work in place for this position from Crawford HR/Recruitment will be deemed the sole property of Crawford. No fee will be paid in the event the candidate is hired by Crawford as a result of the referral or through other means.

Company

Welcome to Crawford & Company®. As the world’s largest publicly listed independent provider of claims management solutions, our focus is to help people and businesses quickly recover from losses. Our claims management solutions speed recovery time so that clients can resume their lives and work with as little disruption as possible. From large-scale catastrophic losses to short-term workers compensation claims, we offer total solutions that begin with first notice of loss and end with positive, measurable outcomes. The road to recovery begins with Crawford.

With 700 offices in 70 countries and more than 9,000 employees worldwide, Crawford careers span countless fields and disciplines. We offer compelling opportunities that make a difference in the lives of our clients. 

Company info
Telephone: 404.300.1000
Location: 1001 Summit Blvd, Atlanta, GA 30319, US
