Bensenville IL
Permanent Posted: Sunday, 6 October 2013
 
 
Applicants must be eligible to work in the specified location
Manager - IT Risk & Compliance - SOX/PCI-INF000410

The Manager - IT Risk and Compliance directs all activities related to the development, communication and management of policies, controls and practices supporting IT compliance and information security objectives. In addition, the Manager - IT Risk and Compliance ensures that IT compliance and security activities support Enterprise business objectives and are aligned with executive risk tolerances and expectations. This position will focus on the development and support of U.S. Cellular's IT Compliance Management Activities (i.e., PCI, SOX, and CPNI).

Key Competencies

Leadership/Integrity

- Demonstrates a high degree of ethics

- Instills trust and credibility with internal and external stakeholders

- Effectively partners and collaborates with leaders at multiple levels

- Influences and manages expectations with senior leadership

- Demonstrates proven ability to manage effectively through change

- Possesses IT risk management proficiencies

- Demonstrates technical expertise in at least three of the following domains (IT Governance, Protection of Information Assets, Systems and Infrastructure Lifecycle Management, Information Security Program Management, Information Risk Management)

- Possesses proficiencies with the use of risk and control frameworks, and process improvement models (e.g., Risk IT, ISO 31000, COBIT, COSO, ISO 27001, ISO 27002, CMM)

Results Focus

- Initiates, leads and manages IT risk management, compliance and security governance activities

- Delivers on simultaneous projects and priorities each with tight schedules

- Able to leverage appropriate resources to meet objectives

- Demonstrates exceptional facilitation, negotiation and conflict resolution skills

- Translates compliance and technical requirements into relevant and understandable terms

- Holds others accountable for performance

Strategic View

- Understands the long-term direction and strategies of the company and is able to incorporate the vision for IT governance and risk management practices into that understanding

- Identifies and implements forward-thinking strategies for achieving compliance across multiple domains that advance IS's ability to deliver more, faster and with a high degree of quality

- Thinks strategically and is able to translate strategies into actionable plans

- Able to differentiate between critical issues and minutiae that can be worked through

Key Responsibilities

- Drive the implementation of a framework to support IT governance, risk and compliance objectives. Realize significant, measurable gains in IT Governance, Risk and Compliance ("GRC") practice maturity.

- As a senior leader in the IS organization, provide end-to-end expert guidance on how to manage IT-related risks; influence priorities and decisions across the organization

- Communicate the strategic vision and agenda to business partners to ensure alignment and support; provide insightful advice and skillful execution

- Leverage risk management activities to safeguard Information Technology's support of the delivery of business performance

- Provide end-to-end expert leadership on how to effectively achieve and sustain compliance with regulatory, industry and contractual obligations, as well as information security policies and practices.

- Provide direction and guidance to IT leaders regarding best practices and solutions that support business goals and objectives.

- Accountable to provide and approve IT controls and security requirements for technology and business partner initiatives. Ensure that contracts provide adequate protections to USCC in the areas of legal/regulatory compliance and IT security.

- Direct security risk assessments and management testing of IT controls.

- Direct Internal Audit programs, including scoping, planning, reporting, remediation and follow-up

- Drive continuous improvement in IT governance, risk, compliance and security practices based on expert knowledge in domain areas, industry best practices, business objectives and risk tolerances.

- Lead initiatives to regularly assess the adequacy and effectiveness of IT controls and security policies, direct remediation activities, and initiate actions to ensure that compliance and security gaps are successfully addressed.

- Represent the IS organization in interactions with internal/external auditors, attorneys, regulators and other 3rd parties within the scope of their domain expertise.

- Lead organizational awareness of compliance, risk, security and privacy concepts and best practices. Demonstrate to the organization how effective IT risk management practices and controls enable compliance and business process efficiency. Lead an ongoing communication and education forum for the exchange of ideas and information across all IT senior executives and functional areas, as well as its business partners.

- Manage individual and team workloads to deliver agreed upon commitments. Promote effective teamwork and resolve interpersonal issues. Oversee the performance appraisal process. Help staff construct career development plans.

Deliverables

- Lead strategy development in collaboration with senior leadership

- Develop, document and maintain repeatable mechanisms to determine, measure and report to management an accurate view of significant current and near-future IT-related risks, the risk appetite and the risk tolerance of the organization and its business partners

- Develop and manage compliance and security roadmaps in collaboration with senior leadership, formulate and broker support for a portfolio of necessary remediation initiatives, drive those initiatives forward, and provide leadership over resulting project efforts

- Integrate the overall risk, compliance and security structures within IT

- Provide regular business view updates of the state of compliance and security for senior leadership and external stakeholders

- Drive the implementation of a framework of policies, controls and practices to support IT compliance and information security objectives. Drive consensus on measurable gains in IT compliance and information security practice maturity and measure our progress towards them.

- Advise leadership on how to remediate deficiencies. Understand how to capitalize on the investment made in IT internal control systems already in place. Document and report status of agreed upon remediation plans, owners and commitment dates.

- Bachelor's degree in related technical/business areas. Master's or JD degree a plus.

- 10-15 years of relevant technology experience in multiple areas; wireless industry background highly desirable

- 5-7 years of Risk and/or Compliance experience focusing on PCI, SOX and CPNI

- Maintains designation with at least two of the following certifications: CISA, CISM, CISSP, CRISC, CGEIT

- Additional certifications are a plus: CIPP, CIPP/IT, CIA, CPA

- General knowledge of outsourcing methodologies and operating models, and working with professional services firms

- Understanding of project management methodologies and tools, including prior experience managing diverse, cross-functional, cross-departmental projects and technologies

- Well-rounded understanding of technology, operations and key business processes

- Expertise in designing solutions that link disparate processes and application systems

- Strong attention to detail

- Impeccable written and verbal communication skills

- Strong interpersonal, influencing and negotiation skills

Job: Information Technology
Location(s): Illinois-BENSENVILLE_IL

Bensenville IL, United States of America
US Cellular
JSINF000410
10/6/2013 2:07:32 AM