Senior IT GRC Advisor at Community Care of North Carolina Inc – Cary, North Carolina

The Senior GRC IT Advisor will be responsible for conducting IT risk assessments and consulting with management on risk, control and compliance matters. Additionally, the Senior IT GRC Advisor will conduct IT audit and advisory engagements and collaborate with management to identify appropriate mitigation strategies and corrective actions.

• Provides support and/ or co-facilitates risk assessments (information technology, strategic, operational, financial, compliance, etc.) throughout the organization.
• Provides recommendation to management for improvement of overall control environment.
• Collaborates with management to strengthen IT internal controls and/or develop corrective action plans to remediate risks.
• Develop and facilitate workforce education and awareness training programs relevant to CCNC’s internal control environment with focus on IT processes.
• Advise on IT projects and key initiatives providing risk management expertise to ensure risks are identified, assessed and mitigated to an acceptable level.
• Lead and execute audit and advisory engagements of information systems, infrastructure, and IT processes to evaluate the high risk areas to determine the adequacy of policies, procedures and controls and, where appropriate, compare to industry best practices and control frameworks such as the Control Objective for Information and related Technology (COBIT), National Institute of Standards and Technology, Information Technology Infrastructure Library (ITIL) and other relevant authoritative bodies.
• Performs assessments of third party vendors (including cloud systems) to evaluate compliance with contractual and regulatory requirements and IT security best practices.
• Develops and maintains risk management methodologies, tools, templates, internal websites and internal and/or external reports to ensure the quality and effectiveness of GRC initiatives and deliverables.
• Develop and adhere to GRC standards, policies and procedures designed to strengthen CCNC’s internal control environment.
• Fulfill other GRC responsibilities as directed by management.

• Effective verbal and written communication
• Excellent presentation skills
• Interpersonal (listening, facilitating, interviewing) skills
• Analytical, project management and consulting skills
• Capability to manage multiple projects concurrently with minimal supervision
• Technical skills including knowledge of IT infrastructure, cybersecurity risks, operating systems, databases, networking concepts, and cloud technologies.

• Bachelor’s degree in a technology or audit related field
• Minimum 5-years experience in IT auditing, IT Security or IT risk management
• At least 5-years experience leading, planning, conducting and overseeing complex IT audit and advisory engagements
• Experience conducting risk-based operational and/or technical audits
• Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)

Preferred:

• Working knowledge of the HIPAA Security Rule
• Experience conducting AI Audits and AI Governance Assessments
• 2-years experience conducting cloud platform audits (e.g., AWS).