VP, IT Sox & Information Security Compliance

Job Description

POSITION TITLE: VP IT SOX AND INFORMATION SECURITY COMPLIANCE

1. PURPOSE:

This position is responsible for planning, managing and reporting on the company's technology compliance programs, encompassing the assessment of internal controls for Sarbanes Oxley and Information Security compliance. These programs provide oversight of the internal control environment for compliance with company policy and regulatory requirements. Regular communication to technology and business leadership of the status of the technology compliance programs is a critical component of this position.

2. ESSENTIAL RESPONSIBILITIES:
• Manage the planning, preparation and execution of organization wide internal controls testing for IT Sox, Information Security and PCI-DSS compliance (''Technology Compliance'') programs.
• Partner with all levels of Technology and business management to ensure Technology Compliance testing is conducted in a cooperative, timely and efficient manner with cost effective recommendations being provided to management when compliance gaps are identified.
• Manage the preparation, planning and execution of System Development Life Cycle assessments, reviewing major system implementations and enhancements to ensure internal control requirements for financial reporting and IT Sox are properly addressed.
• Participate in the annual Sox scoping exercise ensuring IT systems are reflected in the Sox test plan supporting in scope Sox business processes.
• Routinely summarize and communicate to affected Technology and business management and control owners, control weaknesses identified during testing and share any insight into operations or suggestions for corrective actions and improvements that will drive increased efficiency while mitigating business risks.
• Review the adequacy of remediation plans in addressing risk and monitor remediation plan execution through to closure.
• Provide assistance to ViacomCBS internal and external auditors in completion of audits of regulatory and industry compliance requirements.
• Identify on an on-going basis relevant industry security trends and potential evolving risks facing technology initiatives, potential changes to internal controls over financial reporting, information security policies and related controls, or PCI requirements and assess their impact on the scope and strategy of the Technology Compliance programs.
• Identify and implement tools and methods which will serve to enhance the efficiency and effectiveness of the overall ViacomCBS Technology Compliance programs, including as the repository for compliance controls, test procedures, test results, remediation plans and status reports.
• Perform customary administrative tasks and responsibilities.
• Other assignments or special projects as requested by management.

3. DECISION MAKING/ACCOUNTABILITY
• Work is substantially complex, varied and regularly requires the selection and application of technical and detailed guidelines. Independent judgment is required to identify, select and apply the most appropriate methods as well as interpret precedent. The position regularly makes recommendations to management on areas of significance to the department and organization at large.
• This position is expected to operate independently. Supervision received typically consists of feedback, coaching and advice
• This role typically has 3 – 5 direct reports. Supervisory requirements consist of monitoring test execution progress, reviewing results of test execution, reviewing adequacy of remediation plans in reducing risk and ensuring compliance with reporting deadlines and submission procedures.

4. KNOWLEDGE, SKILLS & EXPERIENCE:
• Fifteen (15) or more years of technology and audit experience (general technology controls, application, and security) within a public accounting, and/or internal audit function
• Ten (10) or more years of experience with IT controls evaluation, ISO 27001, COSO or COBIT requirements including all phases of planning, evaluation, documentation, testing and remediation.
• Sufficient information security knowledge and experience to conduct technically complex compliance assessments, with emphasis on internal information systems and security audit.
• Demonstrated proficiency of technology auditing control disciplines including thorough knowledge in two or more and general knowledge in relevant areas of technical specialization (Cloud security, application security, database security, operating system security, network security).
• Ability to think analytically, communicate complex issues and develop control recommendations.
• Ability to lead and motivate people and work well with others.
• Excellent written and verbal communication skills with the ability to present control analysis and recommendations with clarity and professionalism.
• Customer focused and professional in work ethic and performance.
• Demonstrated track record of integrity, effective communication, commitment to teamwork, innovation and excellence.

5. EDUCATION/CERTIFICATIONS:
• A BA or BS Degree or equivalent in Information Systems, Accounting, Finance, Computer Science, Information Security or related field
• Professional Certification is preferred (CISSP, CISA, ISA, CPA or equivalent)

#LI-CW1

Jobcode: Reference SBJ-gpmqoe-3-133-119-66-42 in your application.