Manager, IT Risk & Internal Controls and Compliance jobs in United States

CRH · 3 weeks ago

Manager, IT Risk & Internal Controls and Compliance

CRH is a leading integrated supplier of aggregates and construction services in North America. They are seeking a Manager, IT Risk & Internal Controls and Compliance who will be responsible for developing policies, leading risk assessments, overseeing audits, and ensuring compliance with IT security frameworks and regulations.

Building Material, Construction, Manufacturing

Responsibilities

Develop and maintain IT security policies and procedures to ensure compliance with applicable laws and regulations
Lead IT risk assessments and maintain the risk register
Design, implement and maintain a comprehensive IT governance framework that aligns with industry best practices (ISO 27001, NIST, COBIT)
Monitor compliance with internal policies and external regulations and prepare audits and assessments
Assist in evaluating risks and identifying controls for ongoing ERP transformation
Assist in risk owner responsibilities and evaluating the segregation of duties for access management
Monitor emerging risks in IT compliance, including cybersecurity threats that could impact SOX controls
Ensure clear, timely and efficient communication channels exist to provide status updates, identify and resolve issues, and report on any other matters as needed
Build relationships with key internal stakeholders and promote the function of a trusted partner
Identify opportunities to make the compliance process more effective and efficient through data analytics and continuous monitoring
Apply knowledge of risk and controls best practices to promote transformational activities
Drive the SOX compliance function to move beyond SOX compliance by adding value across the end-to-end financial reporting controls process
Engage with relevant external stakeholders to align and optimize work practices
Create a climate where people are motivated to collaborate with Compliance to help achieve the organization’s compliance objectives

Qualification

IT risk management, SOX compliance, IT governance framework, SAP GRC, CISA certification, CISSP certification, CISM certification, CRISC certification, ERP systems experience, Stakeholder management, Change management, Communication skills, Conflict management, Problem-solving skills

Required

6+ years of relevant experience, including IT SOX, IT audit, or risk management at a public company or Big 4/public accounting firm
Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Security Controls (CRISC) or equivalent qualification and other IT risk and controls experience
Bachelor's degree in Information Systems, Accounting, Finance or related field
Strong understanding of SOX 404, COSO, COBIT, and PCAOB standards
Experience designing, implementing, and maintaining a comprehensive IT governance framework, policies and procedures that align with industry best practices (e.g., ISO 27001, NIST, COBIT) and comply with applicable laws and regulations
Proficient with SAP GRC modules Access Risk Analysis (ARA) and Emergency Access Management (EAM) and/or other similar automated provisioning GRC tools
Experience with identifying and assessing ITGCs, application and interface controls, key reports, and SOC reports
Strong interpersonal and organizational influencing skills
Ability to communicate in a simple, articulate, thoughtful manner to varying audiences
Innovative spirit to work cross-functionally in developing improvement ideas
Conflict management and negotiation skills
A pleasant, likeable manner while accomplishing challenging results
Expertise in identifying and implementing best practice when developing a framework and process for ongoing design
Implementing operational effectiveness and testing of key controls
Creating key IT process and data flow maps to identify control weaknesses
Creating risks and control matrices (RCMs)
Experience with project management, including working within complex business environments for multi-national organizations and collaborating and partnering with both internal and external auditors
Advanced problem-solving experience involving leading teams in identifying, researching, and coordinating the resources necessary to effectively troubleshoot/diagnose complex project issues; prior success extracting/translating findings into alternatives/solutions; and identifying risks/impacts and schedule adjustments to facilitate management decision-making
Comfortable navigating complex IT environments, including ERP systems, cloud platforms, and cybersecurity frameworks
Familiarity with ERP systems (e.g., SAP, M3, Oracle Cloud, NetSuite, PeopleSoft)
Ability to translate complex IT and control concepts into business-friendly language
Excellent stakeholder management skills. Ability to cultivate and maintain solid relationships with key stakeholders across organizational teams and third-party suppliers
Previous change and transformation experience, preferably at a managerial level
Must have expert proficiency in Microsoft Word, Excel, PowerPoint, Outlook, and data and analytics tools (e.g., Tableau, Power BI, Alteryx, etc.)
Must be 18 years old or older
Must pass pre-employment drug screen and criminal background check
Strict adherence to safety requirements and procedures as outlined in the Employee Handbook
Willingness to work independently within a team environment and other duties as required
Moderate travel required

Preferred

SAP experience preferred

Benefits

Highly competitive base pay
Comprehensive medical, dental and disability benefits programs
Group retirement savings program
Health and wellness programs
An inclusive culture that values opportunity for growth, development, and internal promotion

Company

CRH manufactures and distributes building materials and products for construction projects. It is a sub-organization of CRH Ventures.

Funding

Current Stage: Public Company
Total Funding: unknown
2023-07-21: IPO

Leadership Team

Jim Mintern, Chief Executive Officer
Alan Connolly, Director of Strategic Finance
Company data provided by Crunchbase