Sallie Mae, Inc.
The Sr. IT Compliance Project Manager/Analyst is responsible for the management of selected IT Compliance projects and initiatives, developing project implementation strategies and helping deliver best-in-class enterprise-wide IT Compliance programs to help ensure that corporate information systems and assets are compliant with applicable laws and regulations. Manages information security audits conducted by both internal and external auditors and coordinates with IT and Information Security personnel and team leads. Plans and manages the delivery of enterprise IT Compliance solutions in support of business objectives and ongoing operations. This includes defining project scope, project planning and tracking, establishing priorities and approach, and developing management communication strategies.
The Sr. IT Compliance Project Manager/Analyst also participates in the development and execution of control test plans for assigned critical processes and associated integrated controls (including Sarbanes-Oxley). This includes the identification of related issues and remediation tracking and validation. The position requires knowledge of regulatory frameworks such as NIST (e.g. NIST Publication 800-53), FFIEC, HIPAA, GLBA, PCI, IRS Publication 1075, IRS Publication 4812, and other applicable regulatory frameworks. They are responsible for working with IT areas to ensure critical processes have been appropriately analyzed and documented.
Additional responsibilities of the Sr. IT Compliance Project Manager/Analyst include defining related IT Compliance reporting and benchmarking metrics, managing IT compliance related issues, developing dashboard strategies, implementing statistical and management reporting methodologies, and IT relationship management. The position is responsible for various requirements as they relate to defined boundaries. The Sr. IT Compliance Project Manager/Analyst is required to become knowledgeable of boundaries currently supported by the company, and the process to maintain an authority to operate (ATO). Additionally, this position will be involved in other projects as assigned that may be regulatory, security, IT or risk related.
This position requires the ability to define problems, collect data, establish facts, and draw valid conclusions. Outstanding communication skills, thorough documentation and presentation skills, demonstrated follow-through, attention to detail, analytical and critical thinking skills, the ability to identify needs and take initiative, and a commitment to excellence are also key requirements of the position.
1. IT Compliance Project Management / Audit Coordination
a. Project leader for IT Compliance related projects and represents the IT Compliance department on various IT project teams. Manage projects from inception through final completion.
b. Plans and manages information security audits conducted by both internal and external auditors and coordinates with Information Technology and Information Security managers and team leads.
c. Work closely with staff members from Information Technology departments and key business areas to help ensure information security requirements are defined, documented, tested and delivered as part of project deliverables.
d. Develop and maintain detailed project management plans for information security project initiatives. Commit to, drive, and meet deadlines in both quality and time. Coordinate or assign tasks as required. Monitor progress and provide regular status reports.
e. Over time, continue to enhance familiarity and expertise with the IT Compliance related regulations.
f. Leads development and on-going updates of compliance related documentation (e.g., pertaining to IRS Publications 1075 and 4812), as assigned.
2. Issue Management and Reporting
a. Coordinate development of, and on-going revisions to, remediation plans for issues resulting from information security audits conducted by both internal and external auditors (e.g., POAMs, CAPs).
b. Track and report on remediation status of all IT Compliance related issues.
c. Manage and coordinate process by which owners of IT Compliance related issues submit requests for exceptions and/or acceptance of risk.
3. Test Planning and Execution
a. Identify components to be tested and controls included for each component assigned to the analyst (e.g., mainframe application, general support system components like Networks and PBX, open systems).
b. Create detailed test plans for areas of responsibility. Work with Control Owners and other participants.
c. Execute testing. Work with Control Owners to communicate the testing requirements based on the in-scope controls and appropriate test methods in accordance with applicable regulatory assessment objectives. Gather and evaluate evidence. Document and communicate testing results to Control Owners and other participants.
d. Prepare detailed evidence to support compliance of controls tested.
e. Manage document storage/portal for testing evidence.
4. IT Compliance Policy Management
a. Assist in developing corporate-wide IT Compliance policies, programs and standards to ensure that the company's systems and information assets are in compliance with applicable laws and regulations.
b. Liaise with Legal, Human Resources, and Internal Audit to ensure IT Compliance programs are in alignment with corporate strategies, regulatory requirements and legal guidelines.
5. Project Work
a. Develop and maintain library and inventory for audit reports and related documentation.
b. Work with control owners to update controls based upon regulatory source updates and/or additions to Navient's regulatory requirements.
c. Rely on risk management expertise to recommend enhancements based on current industry trends or federal guidelines.
d. Perform other duties and special projects as may be assigned.
* Bachelor's Degree in Information Systems, Business, Accounting or equivalent experience
* 5 years minimum experience in Information Technology, Information Security, Compliance and/or auditing/controls testing
* Excellent project management skills.
* Ability to meet project due dates.
* Excellent written and verbal communication skills, including presentation skills.
* Ability to simultaneously work on multiple projects.
* Ability to recognize, analyze, and document deficiencies and articulate those deficiencies to key management personnel.
* Excellent organizational skills.
* Excellent analytical skills and problem-solving ability.
* Ability to make recommendations and decisions independently.
* Ability to perform well under pressure and to work independently with high levels of initiative.
* Proficient in Microsoft Excel.
Other Helpful Experience:
* Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA)
* FISMA/NIST, FFIEC, HIPAA, GLBA, IRS Pub 1075, IRS Pub 4812, and/or PCI regulatory framework experience and knowledge
All offers of employment are contingent on standard background checks. Navient and certain of its affiliated companies are federal, state and/or local government contractors. Should this position support a federal government contract, now or in the future, the successful candidate will be subject to a background check conducted by the U.S. Government to determine eligibility and suitability for federal contract employment for public trust or sensitive positions. Positions that support state and/or local contracts also may require additional background checks to determine eligibility and suitability.
EOE Minority/Female/Disability/Protected Vet/Sexual Orientation/Gender Identity. Navient Corporation and its subsidiaries are not sponsored by or agencies of the United States of America. Navient is a drug-free workplace.
Fishers, IN; Arcade, NY
Oct 11, 2017
Sallie Mae, Inc.
Website : https://www.salliemae.com/
Sallie Mae (NASDAQ: SLM) is the nation’s No. 1 financial services company specializing in education. Celebrating 40 years of making a difference, Sallie Mae continues to turn education dreams into reality for American families, today serving 25 million customers. With products and services that include 529 college savings plans, Upromise rewards, scholarship search and planning tools, education loans, insurance, and online banking, Sallie Mae offers solutions that help families save, plan, and pay for college. Sallie Mae also provides financial services to hundreds of college campuses as well as to federal and state governments. Learn more at SallieMae.com. Commonly known as Sallie Mae, SLM Corporation and its subsidiaries are not sponsored by or agencies of the United States of America.