The IT Compliance Program Manager will oversee the IT controls, processes, and transactions to ensure they follow all relevant regulatory, legal, and internal compliance guidelines.
What You'll Work On
Develop the IT General Controls Framework, implement and manage an effective IT controls audit and compliance program for the enterprise across all domains of IT, and manage cybersecurity risk to the business. Ability to self-audit with limited assistance from system or service owners across all IT domains i.e., Network, Cloud, IAM, Data, Application, IoT, IT and Security Operations/ Engineering. Partner with peer teams and business where necessary. Expected to be self-reliant on security audits, reviews, evidence retrieval. Engage with 3rd party auditors on testing/walk-throughs and address any security gaps. Create and manage effective action plans in response to audit discoveries and compliance violations. Partner with system owners on IT services audit outcomes, risk management and compliance reporting. Advise management on the company’s compliance with laws and regulations through detailed reports. Develop, and up-keep company IT security policies and procedures. Regularly audit company procedures, practices, and documents to identify possible weaknesses or risks. Ensure stakeholders are educated on the latest regulations and processes. Resolve business concerns about regulatory and legal compliance. Maintain positive rapport with IT teams, business, and auditors through effective communications. Develop, self-audit, manage, and oversee IT Controls across all domains of IT i.e., Network security, Cloud Security, Infrastructure security, End-point security, IAM, Data security, Endpoint security, Application security, IT/ Security operations, ensuring internal and regulatory compliance, working with peer teams to address any gaps and report on compliance. Adhere to the Company’s Quality Management System (QMS) as well as domestic and global quality system regulations, standards, and procedures. Understand relevant security, privacy and compliance principles and adhere to the regulations, standards, and procedures that are applicable to the Company. Ensure other members of the department follow the QMS, regulations, standards, and procedures. Perform other work-related duties as assigned.What You'll Bring
Bachelor's degree in computer science or related field with 10+ years of experience, or equivalent combination of education and experience10+ years’ hands-on experience preferred in developing, implementing, and managing enterprise IT audit, governance, and compliance framework. Ability to develop ITGC framework, implement and manage audit, governance, and compliance across all IT domains i.e., Network, Cloud, IAM, Endpoint, Data, Applications and Operations Self-reliant & motivated, with expert level understanding of IT technology stack across Network, IAM, Endpoint, Data, Applications.Fully self-reliant, hands-on capability across IT technology stack across Network, Cloud, IAM, Endpoint, Data & Applications. This role will be responsible for accessing and auditing, IT controls, configuration hardening, IAM configurations etc. across routers, switches, WLC’s etc. Example: Given an application domain, you will be responsible for auditing applications security stack, runtime protection, API security etc. Expert level knowledge of audit, governance, and compliance frameworks Expert level knowledge of cybersecurity risk management frameworks Strong knowledge of technology landscape, regulatory/legal requirements, and procedures Highly analytical with strong attention to detail. Strong oral, written, and interpersonal communication skills Proficiency with MS Word, Excel, and PowerPoint Excellent organizational skills with ability to prioritize assignments while handling various projects simultaneously.Working Conditions
General office environment. Willingness and ability to work on site. May have business travel from 0% - 5%. Requires some lifting and moving of up to 15 pounds. Must be able to move between buildings and floors. Must be able to remain stationary and use a computer or other standard office equipment, such as a printer or copy machine, for an extensive period of time each day. Must be able to read, prepare emails, and produce documents and spreadsheets. Must be able to move within the office and access file cabinets or supplies, as needed. Must be able to communicate and exchange accurate information with employees at all levels on a daily basis.
Starting Base Salary Is: $146,332 to $117,880Individual compensation will vary based on factors such as qualifications, skill level, competencies, work location and shift, and will increase over time based on meeting performance and business needs.What We Offer
•A collaborative teamwork environment where learning is constant, and performance is rewarded.
•The opportunity to be part of the team that is revolutionizing the treatment of some of the world's most devastating diseases.
•A generous benefits package for eligible employees that includes medical, dental, vision, life, AD&D, short and long-term disability insurance, 401(k) with employer match, an employee stock purchase plan, paid parental leave, eleven paid company holidays per year, a minimum of fifteen days of accrued vacation per year, which increases with tenure, and paid sick time in compliance with applicable law(s).
Penumbra, Inc., headquartered in Alameda, California, is a global healthcare company focused on innovative therapies. Penumbra designs, develops, manufactures, and markets novel products and has a broad portfolio that addresses challenging medical conditions in markets with significant unmet need. Penumbra sells its products to hospitals and healthcare providers primarily through its direct sales organization in the United States, most of Europe, Canada, and Australia, and through distributors in select international markets. The Penumbra logo is a trademark of Penumbra, Inc.
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, age, disability, military or veteran status, or any other characteristic protected by federal, state, or local laws.
