We are looking for a Director of IT Compliance to join our team in Dallas, TX. The Director of IT Compliance will provide guidance to Profit Centers for compliance-related activities and facilitate processes related to quarterly and annual attestations for IT General Controls. The Director of IT Compliance will manage, coordinate and participate in activities including but not limited to: IT Controls, IT Compliance Program, ServiceNow Governance, Risk & Compliance Business, Regulatory Impact Assessments. We are a unique and decentralized publicly traded organization (NYSE: BRO) that has grown to become the sixth largest insurance intermediary in the country. Our unique corporate culture rewards self-starters and hard workers who adhere to our commitment to do what is best for our clients.
Essential Duties and Functions include the following. Other duties may be assigned.
IT Compliance Program
Day to day management of the IT Compliance Program
Identify, socialize and implement improvements and maturity to the program – continuous improvement
IT controls –
Manage and oversee completion of annual (or more frequent) reviews of IT controls, narratives and associated process flows
Manage maintenance of controls, working with the control owners, in the Governance, Risk and Compliance (GRC) tool.
Maintain the quality of data for GRC functions and participate in enhancements and maintenance of the Configuration Management Database (CMDB)
Identify recommendations for improvements to IT controls, risk management, related processes and self-assessments
Oversight/Review of adherence to controls/compliance execution –
Initiate reviews of the performance of controls at defined times during the year.
Monitor that controls are executed and appropriately documented by the IT control owner at prescribed intervals. Track areas requiring remediation and work with control owners on remediation plans.
Propose and maintain compliance related IT corporate policies
Liaison with Financial Compliance, Internal Audit and External Audit for IT –
IT representative for the annual review and feedback on the development of the list of financially significant systems, the associated business process owners, and the vendors involved in development and hosting activities for these systems.
Work with Financial Compliance and Internal Audit on enhancements to IT Compliance, SOX audit and other areas related to compliance and controls to provide continuous improvement and value to the business.
Liaison with IT Security, Operations, Infrastructure and Application Development teams –
Provide input to responses to carrier or other third-party service provider questionnaires
Consult on changes to processes or procedures that would impact IT Compliance components.
Coordinate maturation of the IT Compliance Program as the BETS model matures and standardization is expanded across the organization.
Regulatory & Industry Standards Compliance
Work with Division CIO/CTOs and Profit Center representatives on initiatives to remain compliant with regulations (e.g. SOX, AICPA, HIPAA, NY Cyber, etc.) and industry standards, frameworks and certifications (e.g. PCI DSS, COBIT, NIST, HITRUST, COSO, etc.) applying to Brown & Brown and associated subsidiaries.
Consult with Divisions and Profit Centers on areas related to regulatory and industry standards, in coordination with Legal and other related departments
Stakeholder Management & Reporting
Provide reports to IT management and other stakeholders on the status of compliance in their areas of responsibility.
Maintain the Profit Center Location database
Work with the ServiceNow Support Team, in conjunction with the Senior Director of the Office of the CIO, to implement agreed-upon functionality in the ServiceNow GRC tool.
Foster collaborative relationships with the CIO, Senior Directors within IT (Infrastructure, Production Support Services, Division CIOs) as well as Legal, Internal Audit and Security.
Recruit, mentor, and develop IT staff and future IT leaders.
Perform other specific duties and projects as assigned
Bachelor’s degree required; BS/BA in Computer Science, Management Information Systems, or business-related discipline.
5-8 years in a management role in Internal Audit, IT Audit, or Risk Assurance with exposure to Sarbanes-Oxley, Enterprise Risk Management, and IT General Controls
Proficiency in Microsoft Office Products
Ability to travel approximately 50%
Ability to work independently, with limited required direction and guidance.
Analytical and Problem-Solving Skills
Big 4 or Mid 12 experience in consulting, audit or risk compliance
Master’s degree is preferable
CISA, CISSP, or similar ISACA certifications are a plus
Experience and working knowledge of HITRUST, PCI, NY Cyber and other insurance-related industry regulations.