Hemans.
Principal - Cyber Security (GRC) - SOX - Investment Management
Hemans., Arlington, Texas, United States, 76000
My client is a world-renowned Alternative Investment firm which has seen significant growth and high performance, and is now looking to add a key stakeholder to its IT Controls/Cyber Security GRC program to take a lead role in supporting its Sarbanes-Oxley (SOX) IT program.
This role will report into the CISO and will come with significant career advancement opportunities.
Big 4 experience preferred but not required.
Base pay range $250,000.00/yr - $285,000.00/yr
Total compensation, including bonus, is up to $300,000, plus a market-leading benefits package.
Role Responsibilities
Support the Sarbanes‑Oxley (SOX) IT program by ensuring that internal controls—both manual and automated—supporting financial reporting are properly designed and operating effectively.
Develop and lead the global Cybersecurity GRC strategy to ensure alignment, consistency, and effectiveness across all regions, while managing, mentoring, and providing strategic direction to a team of direct reports.
Contribute to SOX scoping and risk assessment activities.
Collaborate with IT and business leaders to design and implement IT General Controls (ITGCs), automated controls, and business controls that address key risks.
Coordinate and lead efforts among SOX co‑sourcing partners, internal and external auditors, control owners, the Data Governance team, Compliance, and regulators to drive cohesive and efficient execution.
Oversee evidence collection for multiple audits and related projects, ensuring all milestones and deadlines are achieved.
Identify, assess, and track the remediation of control deficiencies.
Provide regular reporting on SOX IT status and progress to management.
Enhance efficiency and automation within control monitoring and evidence collection processes.
Evaluate SOC 1 and SOC 2 reports for third‑party applications and assist with the design and implementation of Complementary User Entity Controls.
Develop and maintain Cybersecurity and Disaster Recovery policies.
Manage Change Control processes.
Maintain the IT Risk Register.
Create and manage a comprehensive IT Control Register.
Respond to inquiries regarding IT controls from auditors, regulators, and clients.
Requirements
Strong familiarity with the Public Company Accounting Oversight Board (PCAOB) standards
Familiarity with key IT controls protecting the confidentiality, integrity, and availability of systems
Experience in performing or preparing for SOX audits
Deep understanding of risk management methodologies, frameworks, and principles (e.g. SOX, COBIT, NIST CSF, CSA, ITIL, etc.) to evaluate and recommend optimal approaches to mitigating risk with best‑in‑class controls
Preferred
Bachelor’s degree or higher in Computer Science, Information/Cyber Security, or other related field, or equivalent work experience
Certifications such as CISSP, CISM, CISA, CRISC, ISO, or CGEIT are a plus
Familiarity with cybersecurity regulatory and privacy requirements with both US and overseas regulators
Proficiency in using AuditBoard or similar GRC tools
Prior experience as an independent auditor
Hybrid work arrangement: 3 days in office and 2 days working from home, reporting to the CISO.
Seniority level: Director
Employment type: Full‑time
Job function: Information Technology, Project Management, and Management
Benefits
Medical insurance
Vision insurance
401(k)
Paid maternity leave
Child care support
Pension plan
Disability insurance