
Supervisor, IT Risk & Compliance in Westlake, OH at TravelCenters of America

Date Posted: 1/28/2021

Job Snapshot

  • Employee Type:
    Full-Time
  • Location:
    Westlake, OH
  • Job Type:
  • Experience:
    Not Specified
  • Date Posted:
    1/28/2021

Job Description

The IT Risk & Compliance Supervisor is responsible for the development and implementation of security, risk, and compliance best practices and is a key influencer in driving governance, risk and compliance (GRC). The IT Risk & Compliance Supervisor assists management in defining the control objectives and guides and monitors governance, risk, and compliance efforts for Sarbanes-Oxley 404 (SOX), the Payment Card Industry Data Security Standard (PCI-DSS), the California Consumer Privacy Act (CCPA), and other industry laws, regulations, and frameworks. He or she will act as the liaison between Information Systems, Internal Audit and the external audit teams. The IT Risk & Compliance Supervisor will facilitate the review and remediation of control gaps and escalate possible critical issues to management. The IT Risk & Compliance Supervisor identifies areas of potential improvement for key processes and procedures. He or she is responsible for working with different business owners on implementation, execution and compliance with entity-level controls.

The IT Risk & Compliance Supervisor will also lead other governance risk and compliance activities and initiatives as necessary. This includes, but is not limited to, creation and enhancement of policies and procedures, third party vendor management, risk and security metrics and reporting, data governance, data loss prevention, and performing risk assessments.

The IT Risk & Compliance Supervisor should have experience in Information Technology including knowledge of auditing principles, auditing standards, SOX requirements, PCI-DSS, data governance, data loss prevention (DLP), industry laws, regulations, and frameworks.

Duties and Responsibilities

  1. Responsible for the strategic leadership of the IT Risk & Compliance area.
  2. Establish annual and long-range risk and compliance goals, define strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
  3. Mentor the IT Risk & Compliance team members and implement professional development plans for all members of the team.
  4. Work with process owners in developing and maintaining documentation for SOX, PCI-DSS, industry laws, regulations, and frameworks.
  5. Facilitate interaction and communication between Information Systems, Internal Audit, and external auditors.
  6. Work with process owners to remediate any design or operating effectiveness issues.
  7. Establish procedures to ensure that compliance documentation is accurate and current.
  8. Facilitate a testing plan to ensure that all compliance testing is completed in a timely manner.
  9. Ensure testing results are provided in a timely manner.
  10. Conduct periodic internal reviews or audits to ensure that procedures and controls are followed.
  11. Identify compliance issues that require follow-up or investigation.
  12. Verify that software technology is in place to adequately provide oversight and monitoring in all required areas.
  13. Maintain documentation of compliance activities including, controls, evidence collection, etc.
  14. Advise internal management or business partners on the implementation or operation of governance, risk, and compliance programs.
  15. Provide employee training on risk and compliance related topics, policies, or procedures.
  16. Provide assistance to internal or external auditors in risk and compliance reviews.
  17. Keep informed regarding pending industry changes, trends, and best practices and assess the potential impact of these changes on organizational processes.
  18. Verify that all firm and regulatory policies and procedures have been documented, implemented, and communicated.
  19. Contribute to the creation, improvement, and maintenance of information security policies, standards, and control procedures.
  20. Maintain, track and report risk, including creation and management of relevant metrics, across the enterprise.
  21. Practical working knowledge in SOX and one of the following governance, risk and compliance (GRC) frameworks: PCI DSS, NIST CSF, NIST 800-53, CIS CSC, CCPA.
  22. Support the third party risk program by analyzing responses to third party assessment questionnaires and reviewing supporting documentation (SOC reports, etc.) received from vendors.
  23. Develop, enhance, and update policies, procedures, and standards.
  24. Perform and participate in risk assessments as necessary.
  25. Creation and maintenance of the Data Classification and Data Governance Policies.
  26. Administration of the Data Loss Prevention (DLP) program and tools, which includes configuring policies, monitoring and responding to alerts, vendor management, and maintenance.

Qualifications

  1. Undergraduate degree in computer information technology, computer engineering, accounting, or related degree, or equivalent experience
  2. Certified Information Systems Auditor (CISA) preferred
  3. 7+ Years of IT Operations or IT Audit experience
  4. Solid understanding of IT General Controls
  5. Solid understanding of Risk assessment methodology
  6. Solid understanding of PCI and related standards

Working Conditions / Physical Requirements

In this role, the employee is continuously sitting and typing, frequently talking and using eye and hand coordination, and may also be required to climb or balance; stoop, kneel, crouch or crawl. The employee is occasionally required to lift and/or move objects. Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception and ability to adjust focus. Standing, walking, bending over, and repetitive use of legs are done occasionally. All performed with or without a reasonable accommodation.

Schedule is typical workday but requires 24x7x365 on-call support.

Disclaimer

This job description may not list all duties for this position. The incumbent in the position may be asked to perform other duties. TA Operating LLC reserves the right to revise the job description at any time. This job description is not a contract for employment, and either the incumbent or TA Operating LLC may terminate employment at any time, for any reason.
