Employment Type: Permanent
Job Number: 27023
Compensation: 80k/year - 120k/year
IT Compliance Lead
Professional work that plans, assigns, schedules, leads, monitors and reviews the work of others in the assigned area. Maintains or improves the performance of assigned teams, including participating in two-way coaching discussions, providing input to performance evaluations and providing job-related training. Also leads project teams in planning, analyzing, designing, constructing, testing and implementing complex integrated information technology systems. Professional-level understanding of the required competencies and demonstrated skills and abilities coupled with extensive experience to successfully apply them under minimal supervision in difficult projects and multiple situations. Serves as a key resource for technical issues that cross functional and organizational lines.
Responsibilities:
● Provides coaching and mentoring and ensures that training is provided to others to maintain and enhance technical knowledge and skills.
● Directs activities of SMEs in installing hardware and software, resolving operating problems, providing technical assistance and training to users and evaluating suitability and compatibility of completed installations.
● Monitors production systems and initiates corrective and restorative actions.
● Reviews and evaluates SME’s work for conformance with JEA’s Policies and Procedures established to meet compliance requirements such as CIP, HIPAA, FACTA, PCI DSS, etc.
● Identifies risks, evaluates control deficiencies, and recommends remediation efforts consistent with IT organizational policies, standards, procedures, and regulatory requirements.
● Obtains, reviews and interprets evidence to validate controls are performed effectively.
● Prepares, coordinates and supports compliance audits conducted by internal resources, consultants or regulatory organizations.
● Coordinates with responsible organizations to resolve compliance issues, and develop improvement recommendations and mitigation plans.
● Utilizes compliance technology to assign, track and monitor compliance efforts.
● Sets priorities and establishes a systematic course of action, including planning and scheduling work and influencing and motivating others to complete objectives on time and within budget.
● Employs analytical, interpretive, evaluative and constructive thinking, and judgment in interpreting and adapting methods, techniques and procedures to specific projects and organizational requirements.
Knowledge of:
● Bachelor of Science degree in Computer Engineering, Computer Science, or related discipline and six (6) years of professional experience in the specific computer systems analysis, software development and/or system configuration discipline being recruited.
● National Institute of Standards and Technology (NIST) framework and best practices.
● Regulatory standards, including CIP, FACTA, HIPAA, PCI DSS.
● IT services (network, server, storage, backup & recovery, telecommunications, database, information security and end-user compute devices).
● Enterprise system configuration features, logs and operating systems.
● Common security applications: SIEM, endpoint security (patching, antivirus and vulnerability scans).
● General Computing Controls (GCCs).
● The following areas: Security Management, Access Management, Information Protection, Disaster Recovery, Incident Response, Configuration Change Management, Vulnerability Assessments, and Controls Evaluation.
● Evaluation of network, computing assets and platforms for compliance with defined standards, internal processes, and procedures.
● Performing multi-platform (application, database, operating system, middleware, monitoring tools, and business processes) level audits based on predefined test objectives and test plans.
● Performing retest of controls that have been remediated or updated as a result of previously identified deficiencies.
● Review existing processes and provide recommendations for improvements.
● Develop and implement new or significantly revised compliance programs.
● Identify complex control gaps.
● Leadership theories and principles and motivational techniques as applied to leading the work of others, including project teams.
● Organizational structure and fiscal processes and procedures, including budget and purchasing guidelines.
● Technology Services departments, sufficient to work across organizational lines with other teams to resolve problems and issues.
● Information Technology Infrastructure Library (ITIL) framework and best practices.
● Using the Technology Services change management process.
● Using statistical analysis and related tools.
● Troubleshooting and resolving complex technical and system operations problems.
● Writing code using required programming languages for assigned applications.