The primary responsibility of the Audit and Compliance Lead is to add value and improve our operations by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control and governance processes. He/she will also be responsible for the development, dissemination, and implementation of internal audit, risk management and compliance-related standards, policies and procedures.
- Reports to the Chief People and Customer Officer and to the Audit & Risk Committee
- Responsible for preparing and administering the audit plan, and for monitoring audit performance and the Audit & Compliance Department roadmap
- Design, develop and lead the execution of internal audit, including IT/IS Audit, in conformance with the ISPPIA and with ISO 19011 and ISO 27006
- Review business processes, evaluate the efficacy of risk management procedures that are currently in place, and create a compliance system that effectively addresses organizational needs
- Manage the daily operation of the Audit & Compliance department
- Advise internal management or business partners on the implementation or operation of risk management and compliance programs
- Design or implement improvements in communication, monitoring, or enforcement of compliance with Information Security Management System and Data Privacy policies
- Verify that all key controls, policies and procedures have been documented, implemented, and communicated
- Perform and control the full audit cycle including risk management and control management over operations’ effectiveness, financial reliability and compliance with all applicable directives and regulations
- Perform other duties appropriate for this position as assigned
QUALIFICATIONS | COMPETENCIES:
- At least 3 years of proven experience in internal audit, risk management and compliance review with the Data Privacy Act of 2012, ISO 27001 and other key regulatory requirements
- Has ISO 27001 certification relevant to the role
- Strong understanding of auditing standards and applicable laws and regulations
- Previous exposure to and understanding of ISO 27001 Information Security Management System certification audits and/or with other ISO Management Systems
- Understanding of Risk Management principles and practices, including IT and/or information security risk management
- Aware of key cyber security and data protection/privacy compliance requirements, laws and/or standards (e.g., GDPR, NIST, PCI-DSS)
- Ability to manipulate and analyze large amounts of data and to compile detailed reports
- Has strong attention to detail and strong analytical and statistical skills
- Ability to use sound judgment including maintaining confidentiality
Sprout Solutions is proud to be recognized as a Great Place To Work Certified organization
Before we can proceed with the application, this is to confirm that you voluntarily give your consent to the following:
1. I intend to apply for a position with Sprout Solutions Inc.
2. I voluntarily sent / will send my CV to Sprout Solutions Inc.
3. I agree to the processing of my personal and sensitive information for facilitating my application with Sprout Solutions Inc., in accordance with the Sprout Solutions Inc. Privacy Statement and the Data Privacy Act of 2012.
4. I agree to be contacted by Sprout Solutions Inc. and its 3rd-party reference provider for the purpose of processing my job application.
Sprout Solutions provides equal opportunity employment and welcomes applications from all sectors of society. Discrimination on the basis of race, religion, age, nationality, ethnicity, gender, citizenship, civil partnership status, or any other grounds as protected by law.