The Sr. Manager, IT Governance & Risk Compliance is responsible to identify, develop, coordinate and monitor Information Technology controls to ensure oversight and compliance with regulatory, audit and contracting requirements.  Responsible for communicating risk management plans to Managers, Directors and VPs across the enterprise and conduct/participate in risk, threat & vulnerability studies as well as impact assessments.  This role is also responsible to support disaster recovery programs, ensuring timely recovery following an interruption in service caused by a system outage or declared disaster.  

Core Function: 

Identify, monitor, plan and coordinate teams responsible for validating effectiveness of security, governance, risk, and compliance programs.  Align the planning and execution of IT and audit, while ensuring quality and adherence to adopted standard methodologies.  Develop and conduct guidance for advisory reviews related to systems implementations, strategies, mergers, acquisitions, instances of fraud and service interruptions. 

Contribute to a sustainable IT general control environment, through involvement in key IT internal control activities.  Coordinate with the Business Units to align controls with company policies, trends, and best practices.  Organize with internal and external audit to facilitate audit requirements as it relates to policies, narratives, and self-assessment documentation.  Participate in risk assessment activities across the IT organization, including 3rd party technical risk assessments.  Participate in risk management, compliance, and internal control initiatives as needed.

Serve as a subject matter expert, to help facilitate the identification and assessment of IT risks and to improve the effectiveness and efficiency of internal controls.  Identify and makes recommendations regarding the implementation of technology-based tools to support risk mitigation initiatives.

Responsibilities and Duties:

Directly responsible for global procedures and controls to assure compliance with applicable regulatory, audit and contract requirements, as well as good business practices.Oversee IT compliance policies, standards, guidelines and baselines. Identify variances and jointly develop action plans with business unit leadership to remediate.Establish and oversee formal risk analysis and self-assessments program for systems and processes.Develop and implement continuity programs and risk mitigation actions in support of disaster recovery and system life cycle management.Develop, implement and monitor compliance programs to enforce ITAR/DFAR, PCI, various privacy laws as well as contract, licensing and usage requirements.Liaise with Internal Audit, Corporate Compliance, General Counsel and Business Unit leadership on all compliance efforts and projects.Be the IT subject matter expert on IT related compliance and legal trends through training, research and development to mitigate potential exposures.Train other staff, business units and external clients as necessary.

                                                                  

Qualifications and Competencies:

Bachelor’s degree in a related area such as; Computer Science or Information Technology.Experience in the following IT compliance framework standards: COSO, ISO27001, PCI-DSS, COBIT, and ITIL.Strong risk assessment/audit capabilities with hands on experience in many technologies and platforms across a broad range of industries.Strongly recommend one or more of the following risk-related industry-standard qualifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certificate of the Business Continuity Institute (CBCI).Experience in the following IT compliance framework standards: COSO, ISO27001, PCI-DSS, COBIT, and ITIL.Strong risk assessment/audit capabilities with hands on experience in many technologies and platforms across a broad range of industries.

This description has been designed to indicate the general nature and level of work being performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

Crane Company. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, gender, sexual orientation, general identity, national origin, disability or veteran status.