Director, IT Compliance / CRP270
Welcome to PSC Industrial Services, Inc. ("PSC"), where expertise, experience and innovation come together. PSC offers a wide range of employment opportunities throughout the U.S. Become a member of a diversified workforce in a Company with a high commitment to the safety of its people, a healthy environment, and ethical business standards. If you are seeking to make an impact in the environmental or industrial services business, we are seeking talented individuals such as yourself to join our team.

With thousands of dedicated employees located across the US, PSC has nationwide strength with strong local commitments. What does PSC stand for? People, Service and Commitment. As the industry leader, we don’t just promise these qualities, we live them every day.

Headquartered in Houston, TX, PSC is the leading integrated services provider for industrial and environmental cleaning, transporting and remediation services. We continue to welcome individuals with an interest to grow and succeed on both a professional and personal level.

JOB SUMMARY:
Implements and directs an effective IT Compliance program, utilizing a risk-based approach in support of Sarbanes-Oxley regulations and corporate policies, and directs a structured program focused on Information Security for all applications and production in accordance with Sarbanes-Oxley and PSC policies, practices and procedures.

PRINCIPAL DUTIES AND RESPONSIBILITIES:
* Leads security operations and administration activities for enterprise security systems. Maintains security reports, procedures, and documentation. Must coordinate a variety of security projects and schedules. Responsible for project planning and status reporting, monitoring for compliance on host and network systems, and investigating, diagnosing and resolving security problems.
* Documents, evaluates, tests and monitors SOX Operational and Compliance Controls (including those that ensure legal and regulatory compliance)
  -- Proactively identifies control gaps in advance of auditors and facilitates the development and implementation of remediation actions based on practical solutions and sound risk management.
  -- Monitors and follows up on gaps in Internal Controls over Financial Reporting, Operations, Information Technology and Compliance
  -- Ensures timely Remediation efforts are in place
  -- Tracks and reports the progress of documentation and testing of controls on a continuous basis
  -- Assists in Process Improvement Projects for SOX (including enhanced documentation of Process Flows, Entity-level Controls, Business Control Narratives, Rotational Testing Program and Staff Training)
  -- Coordinates with the Internal/External Audit Groups to leverage and review Test findings
  -- Ensures adequate Quality Control Reviews are performed and that appropriate steps are taken to eliminate redundant controls
* Communicates security decisions and directions to IT department and to user community. Provides consultation and support to users, business units, technical groups, and third party vendors or business partners on all aspects of security and control including policy and strategy, risk assessment, network connectivity, system architecture and design requirements, and security features and solutions for protecting PSC information assets. Coordinates with Corporate Audit, Legal, Human Resources, Loss Prevention, and other departments as appropriate.
* Monitors, researches and evaluates current and emerging security technologies, products and tools, as well as security exploitation techniques. Tracks industry trends and monitors current and proposed laws.
* Performs I.T. risk assessments, including impact analysis, gap analysis, and scenario development. Documents results and provides updates to advise senior management on issues and appropriate courses of action.
* Performs assignments for ensuring compliance with policies and regulations that provide assurance that security and risk management controls are adequate and functioning properly.
* Reviews application controls and identifies opportunities for control improvement and automation.
* Supports internal compliance control testing and monitoring.
* Defines and documents data governance approaches for protecting key information assets.
* Participates in IT development projects to ensure compliance with access controls and digital asset protection requirements.
* Monitors and provides solutions supporting the remediation and correction of Audit issues.
* Performs Third Party audit reviews for policy and procedure compliance.
* Manages all 3rd party relationships (IT related).
* Resolves complex issues with 3rd party vendors.
* Reviews and reports vendor SLA performance to senior management.
* Reviews and reports monthly variances in spending against annual budget.
* Reviews all new contracts for compliance in areas of security and overall impact on enterprise systems.
* Reviews and comments on draft third-party contracts for adherence to privacy and other compliance requirements.
* Works with Legal to provide privacy and other compliance-related feedback.
* Performs security evaluations on in-house and third party software. Evaluates vendor proposals for security applications (hardware, software, or services) and recommends the most advantageous solution to best achieve the business unit(s) goals while maintaining the security and control of the Company's electronic resources.
* Leads or participates in the development of security standards and procedures.
* Coordinates, publishes and maintains information security policies and guidelines.
* Develops and coordinates company-wide information security education, communication, and awareness programs.
* Leads or participates in cross-functional or cross-organizational teams as consultant on security issues related to short- or long-term information technology solutions.
* Acts as liaison during audits with internal audit department, outsourced auditors and external public auditors.
* Acting project manager during formal outsourced and external audit projects including tracking of testing results and deficiency remediation.
* Policy and procedure educator for executive management, regional management, application owners, business stakeholders and other IT staff.
* Arbiter for questions and disputes involving IT policies and procedures.
* Periodic guidance, review, testing and remediation for the policies and procedures for which application owners are responsible and for the ongoing tasks related to policies and procedures or best practice for which other IT staff are responsible.
* Owner and manager of software license and hardware warranty library, including maintaining licensing levels consistent with usage and planning for growth.
* Provides guidance and coordination on the use and administration of the Company's security systems to all departments, divisions, suppliers, customers, and business partners utilizing Company information assets.
* Networks with industry peers and represents the Company in IT security professional venues.

SCOPE:
Number of Reports:
* Direct:
  -- Sr. Configuration Manager & Internal Compliance and Security Coordinator
* Indirect: 0

MEASURES OF PERFORMANCE:
* Audit Results
* Security controls

EDUCATION/CREDENTIALS:
* Undergraduate degree in information technology, computer science or computer engineering or related field of study

JOB RELATED EXPERIENCE:
* 10+ years of progressively responsible experience
* Internal Audit or Compliance Management experience required; CISA or related certification beneficial; Microsoft or other certifications relating to Information Systems such as directed MCP’s beneficial.

DEMONSTRATED KNOWLEDGE, SKILLS AND ABILITIES:
* Knowledge of PCAOB and Sarbanes-Oxley (SOX) requirements
* Effective leadership skills to lead and engage proper resources to resolve problems.
* Excellent understanding of data analysis, normalization and rationalization
* Strong internal customer focus
* Track record of successful systems implementations involving implementation of new technologies and processes
* Well-developed business acumen
* Well-developed ability to translate business acumen into actionable plans
* Well-developed people management and development abilities
* Well-developed technical writing and verbal communication skills
* Effective communication skills with all levels of management
* Well-developed planning and organization skills
* Well-developed ability to prioritize to meet multiple deadlines
* Well-developed ability to operate in an ambiguous environment
* Well-developed analytical skills
* Well-developed ability to build positive relationships and handle conflict resolution

WORKING CONDITIONS:
* Office work environment
* Travel: minimal