Description:
The IT Governance & Risk Manager supports the organization’s technology governance and risk objectives by ensuring IT controls, policies, and processes are effectively designed, implemented, and operating as intended. This role strengthens audit readiness and risk oversight across enterprise technology environments by partnering with IT teams, Cybersecurity GRC, and VMO GRC. This role provides hands‑on support for pre‑audit control testing, IT risk assessments, policy implementation, and mitigation tracking, while promoting consistent, well‑documented, and repeatable governance practices.
What You Will Do
- Develop, implement and maintain IT governance frameworks, policies, and standards.
- Perform pre‑audit testing of IT control design and operating effectiveness
- Support IT risk assessments and track risk mitigation activities.
- Advise control owners to improve control design and execution and documentation quality.
- Review SOC reports and assess CUECs, including mapping to internal controls annually, as needed.
What You Will Bring
- Minimum 5-7 years of internal and/or external IT audit or risk experience supporting IT risk assessments, including identifying control gaps, documenting mitigations, and tracking remediation progress.
- Preferred: Big Four experience
- Bachelor’s degree in Information Management, Information Security, or a related field, or an equivalent combination of education, training, and relevant work experience
- Professional certification in audit or risk management, such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Internal Auditor (CIA), or similar is preferred.
- Strong understanding of IT control frameworks, audit methodologies, and enterprise risk concepts
- Hands‑on experience performing IT General Controls (ITGC) reviews, including design and operating effectiveness testing.
- Working knowledge of SOC reports and Complementary User Entity Controls (CUECs), including review and coordination with control owners.
- Strong written and verbal communication skills, with the ability to clearly convey risk, control, and audit concepts to technical and non‑technical stakeholders
- Exceptional attention to detail and quality.
- Ability to work autonomously and in a team environment.
- Excellent interpersonal skills to successfully collaborate with cross functional departments.
- Strong orientation toward results coupled with reputation for integrity, creativity and good judgment
- Must have the ability to challenge, when appropriate, existing practices.