IT Risk & Compliance Resume Sample
Sam Rosenbaum
614 Alek Creek,
Dallas,
TX
+1 (555) 655 8906
Work Experience
Manager, IT Risk & Compliance
04/2017
-
PRESENT
Detroit, MI
- Plan, supervise and conduct testing to confirm continuous efficiency and effectiveness of information systems controls
- Collect information and review documentation to identify information systems control deficiencies
- Review information systems policies, standards and procedures to verify that they address the organization's internal and external requirements
- Evaluate the current state of information systems processes using a maturity model to identify the gaps between current and targeted process maturity
- Provide information systems control status reporting to relevant stakeholders to enable informed decision making
- IT Policies/Governance and Compliance
- Coordinate the development and ongoing maintenance of other IT policies and procedures
IT Risk & Compliance
12/2014
-
02/2017
San Francisco, CA
- Analyzing Processes and Procedures
- Act as a subject matter expert on IT internal controls risk assessments and analysis for US Region, and lead IT compliance initiatives and services as appropriate
- Provide support and evidence for both internal and external IT Audits, including SOX, Operational and Financial audits and other risk based advisory engagements
- Facilitate remediation, reporting and monitoring of related IT risks, deficiencies, gaps and audit issues
- Advise and assist project teams on compensating control alternatives where IT risk requirements cannot be met
- Support key reporting activities associated within IT compliance,
- Perform SDLC assessments of technology enabled projects and 3rd party vendor assessments
- Perform IT controls assessments as required for mergers and acquisitions, and implications of divestitures
IT Risk & Compliance Department Intern
01/2010
-
09/2014
Detroit, MI
- Ensure that all IT policies and procedures are compliant with regulatory requirements
- Maintain the IT Disaster Recovery Plan including annual reviews
- Oversee the regular testing of the plan and update for major changes in hardware, applications, business and regulatory requirements accordingly
- Coordinate testing and reporting of data backup restorations in accordance with Key Performance Indicators (KPIs)
- Audits and Reviews Preparation and Facilitation
- Serve as liaison to auditors, consultants, and the bank Compliance Committee regarding documentation and review of information compliance
- Projects and Initiatives related to IT
- Applying Expertise &Technology
Education
York University
2005 - 2010
Bachelor's Degree in Computer Science
Professional Skills
- Communication – Strong verbal and written communication skills to effectively present to peers and management are essential, including the ability to build relationships, manage confrontation with poise and confidence, and communicate in a clear, concise, and compelling manner
- Prior experience working within or auditing an IT organization, supporting enterprise level IT functions and processes required
- Leverage negotiation skills to challenge business and IT users on assumptions and help craft innovative and effective solutions
- Experience facilitating and leading cross-functional team meetings
- Project Management experience, managing multiple initiatives simultaneously
- Work effectively with geographically dispersed teams, at times leveraging asynchronous communication methods
- Deadlines – Demonstrated ability to meet deadlines and work within a fast-paced project driven and team environment
How to write IT Risk & Compliance Resume
IT Risk & Compliance role is responsible for software, finance, training, auditing, security, payroll, architecture, reporting, digital, insurance.
To write great resume for it risk & compliance job, your resume must include:
- Your contact information
- Work experience
- Education
- Skill listing
Contact Information For IT Risk & Compliance Resume
The section contact information is important in your it risk & compliance resume. The recruiter has to be able to contact you ASAP if they like to offer you the job. This is why you need to provide your:
- First and last name
- Telephone number
Work Experience in Your IT Risk & Compliance Resume
The section work experience is an essential part of your it risk & compliance resume. It’s the one thing the recruiter really cares about and pays the most attention to.
This section, however, is not just a list of your previous it risk & compliance responsibilities. It's meant to present you as a wholesome candidate by showcasing your relevant accomplishments and should be tailored specifically to the particular it risk & compliance position you're applying to.
The work experience section should be the detailed summary of your latest 3 or 4 positions.
Representative IT Risk & Compliance resume experience can include:
- Demonstrated working knowledge in ISO, CIS, NIST, COBIT or other information security / IT controls frameworks
- Supports the IT Audit process to ensure its success. Develops and manages effective controls and action plans for any deficiencies
- Working knowledge of standard risk management/control frameworks such as COBIT, ISO 27005, COSO, NIST 800-30, and ITIL
- Manage the annual audit plan, including assessing impacts to FSC IT
- Define and implement Risk reporting, including KPI and KRI’s for the top IT risks
- Monitor and in some case perform key controls for the US Region, including access management, change management, security, and operations
Education on an IT Risk & Compliance Resume
Make sure to make education a priority on your it risk & compliance resume. If you’ve been working for a few years and have a few solid positions to show, put your education after your it risk & compliance experience. For example, if you have a Ph.D in Neuroscience and a Master's in the same sphere, just list your Ph.D. Besides the doctorate, Master’s degrees go next, followed by Bachelor’s and finally, Associate’s degree.
Additional details to include:
- School you graduated from
- Major/ minor
- Year of graduation
- Location of school
These are the four additional pieces of information you should mention when listing your education on your resume.
Professional Skills in IT Risk & Compliance Resume
When listing skills on your it risk & compliance resume, remember always to be honest about your level of ability. Include the Skills section after experience.
Present the most important skills in your resume, there's a list of typical it risk & compliance skills:
- Use strong meeting management skills to engage participants in productive work sessions
- Advanced skills in Excel, Powerpoint, and Visio
- Experience with Windows, Linux, UNIX and Virtual environments. Ability to recommend Operating System hardening for all environments and systems
- Evaluates the adequacy and effectiveness of safeguards protecting sensitive Company information
- Maintain and update plans and practices to achieve efficient and effective communication and restoration of operations during IT emergencies
- Demonstrated familiarity with cloud control frameworks, including CSA Star, ISO 27017, COBIT for Cloud Assessments or other information security / IT controls
List of Typical Experience For an IT Risk & Compliance Resume
1
Experience For Manager, IT Risk & Compliance Resume
- Working with a matrixed compliance organization, not only take responsibility for IT compliance in the US region, but also assignment of a global compliance focus area
- Support the review of vendor and customer contracts to identify potential IT internal control risks or requirements
- Study industry risk trends and identify improvement in IT Risk and Compliance Management
- Collaborate and work closely with internal and external auditors, Key stakeholders in both IT and the business, and compliance team members
- Value and respect the diversity of people to work with others in a productive and respectful team environment
- Work productively in a team, or independently to achieve significant output with minimal supervision
- Develop and maintain firm-wide information security program
- Recommend and supervise implementation and operation of security systems and their associated software, including firewalls, intrusion detection systems, and anti-virus/spyware software
2
Experience For Senior Analyst, IT Risk & Compliance Resume
- Investigate security breaches and abuse of the IT Security policies and procedures, including those of a sensitive and confidential nature. Reports findings and recommendations to management
- Review and approve connection security for local area networks, the corporate Web site, the intranet, applications, and e-mail communications
- Serve as advisor to project teams on IT Risk & Compliance matters, including requirements; develop supporting requirement documents, RACI’s and templates for project teams
- Designs and manages the Vendor Information Risk Management Program which include conducting information security assessment, compliance due diligence, and performing oversight activities of third parties who have access to the company’s environments or data
- Lead discussions on root cause analysis on gaps identified and provide recommendations on remediation plans
- Manage the CPI-810 (internal security policy) compliance program to ensure that all ~130 applications are compliant, understand and track vulnerabilities and ensure that remediation plans are implemented and completed in a timely manner
- Develop and conduct executive communication
3
Experience For Head of IT Risk & Compliance Resume
- Drives continuous improvement initiatives focused on process improvement, productivity improvement and cost reduction across IT
- Optimize IT Risk governance and co-create with ERM the new IT Risk framework
- High level of integrity, professional attitude, reliable and dependable
- Define the plan to identify and evaluate business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
- Perform remediation, exception and risk acceptance efforts across the range of risk findings
- Coordinate risk mitigation plans with appropriate Society partners
4
Experience For Senior IT Risk & Compliance Specialist Resume
- Support the implementation of IT GRC tools and IT GRC projects to ensure that security controls are in place for the confidentiality, integrity and availability of ACS systems and data
- Effectively manage, monitor and take action to ensure coordination and effectiveness of all Risk and Threat Management components and activities and decide on issues requiring escalation
- Develop, implement, and enhance audit and compliance tracking processes in order to ensure
- Be part of the Finance IT, Global Operation’s Risk & Compliance team that works on new and exciting tasks globally
- Support the Security Incident and Event Management Plan
- Work on regional center’s information security assessments and management
- Work with global vendors on their security assessments
- Work with the global application teams on compliance assessments
5
Experience For IT Risk & Compliance Specialist Resume
- Assist application lifecycle processes, SOX compliance processes, application and supplier security assessments, ISO compliance activities
- Partner with other IT teams to deliver compliant solutions
- Create operational and executive reports from systems and processes
- Assist CMDB administration, updates, regular reviews
- Work on process improvements within Digital Technology, especially on Governance
- Creates shared awareness of relationships and collaboration opportunities across multiple teams within multiple GE businesses
6
Experience For Senior Analyst IT Risk & Compliance Resume
- Empathy for business, user needs combined with ability to say no if needed
- ISO 27000 standard awareness
- Knowledge on COBIT methodology is an advantage
- Compliance and controllership mindset
- Act as project director and business/audit liaison for external and internal IT audits responsible for strategy, plan, and results for annual SOX and PCI audits with relation to IT controls
7
Experience For IT Risk & Compliance Department Intern Resume
- Manage Project Engagement reviews; monitor progress to ensure compliance pre-go-live
- Manage or support targeted compliance reviews on behalf of the IT Risk & Compliance department
- Support the development of IT risk treatment plans and manage continuous improvement programs
- Advise the IT department on the corporate control environment as it relates to COSO 2013, SOX ITGCs, PCI-DSS controls, and corporate policy
- Review and endorse aids, implementation guides, education material and/or other templates to support project, department and organizational wide compliance training and awareness efforts
- Review and endorse in development and review of technical and process related documentation, including operating procedures, control manuals, business requirement documents
8
Experience For Mgr-it Risk & Compliance Resume
- Oversee the design, development, and implementation of software and hardware solutions, systems, or products
- Establish and maintain regular written and in-person communications with the organization’s executives, department heads, and end users for related IT activities
- Understand organizational behavior and how it influences business solutions
- Develop, document, and work with the IT managed service provider to communicate, and enforce technology standards and governance
- Responsible for supporting all aspects of information security as it relates to SXM’s compliance programs including SOX, PCI, ISO, and other programs serving as the information security and compliance subject matter expert for the enterprise including radio, connected vehicle services to enforce adherence to corporate information security policies and standards
- Gathers relevant business, regulatory, process, and system information; validate/update process flows, risks, and controls; prepares accurate, complete, clear, and timely analysis and documentation that reflects an ability to identify risks and independently assess the adequacy and effectiveness of IT internal controls, policies, processes and procedures
- Ensures the accurate gathering of relevant business, regulatory, process, and system information; validate/update process flows, risks, and controls; the preparation of accurate, complete, clear, and timely analysis and documentation that reflects an ability to identify risks and independently assess the adequacy and effectiveness of IT internal controls, policies, processes and procedures
List of Typical Skills For an IT Risk & Compliance Resume
1
Skills For Manager, IT Risk & Compliance Resume
- Ensure that server logs, firewall logs, intrusion detection logs, and network traffic are effectively monitored for unusual or suspicious activity
- Manages plans and practices to achieve efficient and effective communication and restoration of operations during IT emergencies
- Demonstrated expertise in ISO, CIS, NIST, COBIT or other information security / IT controls frameworks
- Demonstrated savvy with team discussions and executive presentation deck development
- Ensure software fixes and security patches are applied on a timely basis and are operated in accordance with established policies, procedures, and standards
2
Skills For Senior Analyst, IT Risk & Compliance Resume
- One or more of the following is required: CPA, CISA, CISM, and/or CISSP
- Leads a team of analysts dedicated to managing IT governance, risk and compliance
- Responsible for setting company policy as it relates to IT Risk and Compliance
- Drive the development of internal compliance and risk dashboards and management reporting
- Manage multiple audits, through working across IT and business organizations
- Utilize deep understanding of the audit scope to analyze the impacts to business process and systems the organization supports
- Advise the IT organization on potential risk and compliance issues, ensuring this is managed at enterprise level
3
Skills For Head of IT Risk & Compliance Resume
- Deploy the eGRC enabled IT Risk Registers and Risk Mitigation Plans process based on ERM process and provide training on IT risk management
- Integrate IT Risk assessment process and approach across the IT functions (IT Global Services, IT Delivery, CISO and Architecture & Emerging Technologies)
- Enhance & release Business Impact Analyses process to cover the complete IT Service lifecycle, including relevant compliance area’s
- Analytical – Synthesizes complex or diverse information; Collects and researches data; Designs workflows and procedures
- Change Management – Develops workable implementation plans; Communicates changes effectively; Builds commitment and overcomes resistance; Prepares and supports those affected by change; Monitors transition and evaluates results
- Business Acumen – Understands business implications of decisions; Displays orientation to profitability; Demonstrates knowledge of market and competition; Aligns work with strategic goals
- Organizational Support – Follows policies and procedures; Completes administrative tasks correctly and on time; supports organization’s goals and values; Benefits organization through outside activities; Supports affirmative action and respects diversity
- Strategic Thinking – Develops strategies to achieve organizational goals; Understands organization’s strengths & weaknesses; Analyzes market and competition; Identifies external threats and opportunities; Adapts strategy to changing conditions
- Planning/Organizing – Prioritizes and plans work activities; Uses time efficiently; Plans for additional resources; Sets goals and objectives; Organizes or schedules other people and their tasks; Develops realistic action plans
4
Skills For Senior IT Risk & Compliance Specialist Resume
- Regularly updates metrics and analysis to track remediation progress and demonstration of control maturity and effectiveness
- Two or more years of relevant work experience in audits, security or compliance
- Experience in two of three areas: IT Audit, IT Risk and Information Security
- Evaluates and updates security policies, procedures, and standards to ensure alignment with applicable security control requirements
- Conducts third-party security and compliance assessments and documents detailed results
- Coordinates with data owners to ensure accuracy and completeness of sensitive Company information
5
Skills For IT Risk & Compliance Specialist Resume
- Travel nationally/internationally as required
- Information Technology university studies
- Experience in IT with experience in at least 1 of the following areas:SOX audits, internal audit, security risk assessments, information governance, privacy, security awareness, or cybersecurity maturity assessments. Strong preference for experience in 2 or more areas
- Function as a Subject Matter Expert in several IT Risk domains (e.g. Access Control, Change Management, Cryptography, Secure Network Design, Data Privacy, PCI, SOC, SOX)
- SOX Audit experience required
- Participate in maintaining the risk register and support continuous improvement of IT risk management processes
- Travel: +/- 15% (Domestic and International)
- IT Risk Consulting: Works with management and team members to assess risks associated with technology solutions and ensures appropriate remediation strategies are employed. Consults with managers and team members to identify and assess current and emerging risks and strategic initiatives
- IT Regulatory Examinations and Internal Audits: Supports IT Audits to ensure their success. Provide assistance to IT managers and team members in writing the effective controls and action plans for any deficiencies
6
Skills For Senior Analyst IT Risk & Compliance Resume
- IT Risk Metrics and Reporting: Assists in the development of risk metric and reporting frameworks for Information Security. Delivers these metrics and reports on weekly, monthly and quarterly basis
- Manage testing request lists from internal and external auditors, providing the interface between IT management and the auditors
- Define action plans and timelines with process owners and manage them to completion/implementation
- Assist with Information Security Incident Management: Ability to investigate, document and report on incidents that impact confidentiality, integrity and/or availability
- Writes IT policies, standards and procedures. Ensures IT Policies, Standards and Procedures meet the guidelines established for each; ensures they are properly housed, refreshed, inventoried and approved
- Draft Information Security deliverables to both internal and external partners on a variety of topics including, security breaches, policy governance, etc
- Conduct scheduled assessment to identify gaps in IT business continuity, emergency and disaster recovery plans
- Coordinate Disaster Recovery initiatives and plans
7
Skills For IT Risk & Compliance Department Intern Resume
- Collect and update policy, procedure and/or process documents, preferably in a GRC tool such as Allgress, Archer etc
- Participate in IT business continuity planning awareness training and identify potential business interruptions, develop safeguards against these interruptions, and implement recovery procedures in the event of a business interruption. Provide documentation and training on contingency planning concepts and procedures
- Participate in Information Security Awareness initiatives and conducts Awareness training, as assigned
- Owns the IT risk register and supports continuous improvement of IT risk management processes
- IT Risk Consulting: Works with IT R&C Analysts to assess risks associated with technology solutions and ensures appropriate remediation strategies are employed. Consults with senior managers to identify and assess current and emerging risks and strategic initiatives
- Leads the development of risk metric and reporting frameworks for Information Security. Delivers these metrics and reports on weekly, monthly and quarterly basis
8
Skills For Mgr-it Risk & Compliance Resume
- Defines action plans and timelines with process owners and manage them to completion/implementation
- Manages Information Security Incident Management: Ability to investigate, document and report on incidents that impact confidentiality, integrity and/or availability
- Manages the IT policies, standards and procedures program. Ensures all IT Policies, Standards and Procedures meet the guidelines established for each; ensures they are properly housed, refreshed, inventoried and approved
- Drafts Information Security deliverables to both internal and external partners on a variety of topics including, security breaches, policy governance, etc
- Manages scheduled assessments to identify gaps in IT business continuity, emergency and disaster recovery plans
9
Skills For IT Risk & Compliance Supervisor Resume
- Manages Disaster Recovery initiatives and plans
- Manages the annual IT BCP exercise and resources
- Manages IT business continuity planning awareness training and identify potential business interruptions, develop safeguards against these interruptions, and implement recovery procedures in the event of a business interruption
- Oversee Stericycle’s IT policies, standards, guidelines and baselines under the direction of Director, IT Risk & Compliance. Manage compliance efforts with applicable regulatory and legal requirements
- Works with business teams across the global organization to develop and execute the IT Risk Compliance and Risk Management program framework, extending processes as necessary to help business identify information risk and manage mitigation to an acceptable level
- Identify and develop controls needed for the mitigation of risk for IT processes which are not compliant with information security and risk frameworks or legal/regulatory requirements
10
Skills For IT Risk, Compliance & Quality Lead Resume
- Work with team members within the Risk and Compliance organization in assessing risk, developing appropriate controls and advising on creation of action plans to address gaps
- Works closely with global business, contract and legal teams to assess proposed terms and conditions, align with appropriate risk profile and provide feedback on changes needed
- Monitors and manages issues and risk register to ensure risks are accurately represented and actively managed
- Prepares management reports and assists with project management responsibilities within IT Risk & Compliance organization
- Help ensure compliance with HIPAA, PCI, GDPR, SOX and SOC for Stericycle Business Units. Work with business units to ensure applications and risks are properly classified
- IT policy, controls, assessment and audit experience required
Related to IT Risk & Compliance Resume Samples
Compliance Risk Resume Sample
Work Experience
• Assist in the development of CRA program
• Manage and oversee completion of annual CRA process by Americas coverage compliance officers
• Data analytics, including analysis of metrics impact on CRA scoring formula and results and analysis of results data by risk theme, region...
Professional Skills
• Excellent time management skills and the a...
• Excellent communication skills in English ...
• Strong Microsoft Office skills, especially...
Ethics & Compliance Resume Sample
Work Experience
• Has final authority to…decide whether to open or close a claim. Determine who investigates a claim (HR, Legal, COBC, etc) Provide advice to LEOs on ethics matters, Determine when, where and how to conduct training
• Makes recommendations to Chief E&C Officer as well as provides input to Audit C...
Professional Skills
• Excellent communications skills, particula...
• Demonstrated strong leadership skills incl...
• Excellent oral and written communication s...
IT Compliance Analyst Resume Sample
Work Experience
• Define, execute and maintain a framework for IT Compliance management including validation and classification methods
• Plan, design and execute IT compliance testing, controls assessment and documentation across all domains for IT General Controls, (PCI DSS) Payment Card Industry, Data Privacy, HI...
Professional Skills
• Maintains a set of IT Security and Complia...
• Demonstrated interpersonal skills, excelle...
• Strong interpersonal communication skills,...
Mortgage Compliance Resume Sample
Work Experience
• Responsible for assisting with the ongoing development and implementation of the LOB Compliance Risk team’s strategic plan to accomplish its Annual Compliance Risk objectives
• Extensive knowledge of the assigned compliance area along with the associated operations, including the related rules and ...
Professional Skills
• Experience working in a production environ...
• Pulling and Pushing: Opening and closing f...
• Performing transactional testing of requir...
Team Lead, Compliance Team Resume Sample
Work Experience
• Communicate with lines of defense regarding information related to internal audits, KRIs and control tests
• Participate in the resolution of identified risks
• Research regulations to advise on application by the business unit
• Draft and revise polici...
Professional Skills
• Excellent IT skills including Word and Excel
• Strong verbal and written communication sk...
• Experience of process mapping and developi...
Audit Compliance Resume Sample
Work Experience
• Working knowledge of Canadian Federal and Provincial Privacy legislation, the Telecommunications Act, the CRTC UTRs, CASL, and any other emergent or existing regulations that impact the CCC’s policies or processes
• Scotiabank’s Privacy Code
• Working knowledge of the policie...
Professional Skills
• Considerable skill in effective verbal and...
• Strong written and verbal communication sk...
• SAS software implementation experience or ...