Audit and Compliance Manager
The Climate Corporation is revolutionizing the agriculture industry with a platform and products that help the world’s farmers sustainably increase their productivity with digital tools. We are a global digital products and services company, subject to many statutory and regulatory security and privacy compliance obligations such as data protection law, e-marketing rules, and security of network and information systems, to name a few.
Our internal Audit team regularly tests our administrative, physical, and technical controls and associated policy, standards, baselines, guidelines, and Standard Operating Procedures (SOPs), to measure us against our self-stated practices and performance. Detailed audit reports point out where we are failing. You will take Audit findings and work with Engineering Management and their teams to help them understand the results provided. You will work to help teams develop appropriate and sufficient Audit remediation plans, and will work with Audit to ensure that the submitted plans are deemed sufficient to address findings. You will work with the teams to monitor execution of their Audit remediation plans, to ensure that they remain on track.
You will work with cross-functional Audit teams to identify applicable statutory and regulatory compliance obligations that Climate must adhere to, and work with Engineering and Operations teams, to translate those obligations into product features, enhancements, functionality, and services. You will be responsible for tracking implementation activity against the plan, and report progress to the Security Office and to Executive Management.
You will work with the Engineering teams to communicate the policies and standards, and to guide and steer them in the development of controls to implement them. You will work with the Education and Awareness team to develop training for Climate Staff in the policy and standards, appropriate for their job roles.
What You Will Do:
- Work directly with Engineering senior management and their teams to help each understand Audit procedure, facilitate a smooth audit process, deliver Audit findings, and assist with development and reporting of remediation plans.
- Work with the same senior management and their teams to make them aware of our compliance obligations, and to ensure that they take proactive steps to ensure verifiable compliance in our products and services, and business operations.
- Work with the Security Office to ensure that Audit and Compliance activities are aligned with the Information Security Management System (ISMS), to adequately capture, quantify, and report risk based based on negative Audit findings and identified areas of non-compliance with statutory and regulatory security and privacy obligations, and to provide your expertise and insight in setting strategy and direction for the information security program.
- Effectively communicate audit issues and related recommendations in both technical and non-technical terms to Operational and IT management. Make sound recommendations for audit finding rankings and effectively support conclusions during discussions with audit clients.
- Contributes to continuous improvement (CI) efforts. Begin leading root cause problem solving efforts and participate in department-wide CI efforts.
- Identify and drive areas for quick wins to help improve our information security and technology risk posture in the near term, while keeping an eye on how those wins fit into the overall long-term Information technology (IT) /Information Security (IS) governance and risk oversight strategy; Provide recommendations for possible improvements and upgrades.
- Champion internal controls and IT governance concepts throughout the organization.
- Take an active role in facilitating the training and development of less experienced team members.
- Be an advocate and resource for the organization with respect to ERM/ORM-specific policies and procedures, and drive awareness and understanding of enterprise-wide risks
- Develop methods to monitor and measure risk, compliance, and assurance efforts.
- Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up.
- 6+ years of experience in internal audit, international compliance, and enterprise-wide risk management
- Bachelor degree in Accounting, Computer Science, Mathematics, or Science, Computer or Electrical Engineering, or equivalent experience.
- Hands-on IT Audit experience
- Knowledge and expertise of operating within Information Security Management Systems.
- Technical knowledge of routine IT systems and processes, and development of technical and analytical skills to understand more complex technologies. Experience interpreting the associated risks, developing testing approaches, and proposing solutions.
- Strong understanding of the audit methodology, Cyber Security, IT General Controls and Software Development Practices.
- CISA certified
- Advanced degree, such as a JD, Post-Graduate Diploma, or Masters degree.
- Knowledge of changes in IT audit practices, regulatory requirements, and IT Risk frameworks to understand their impact to Auditing and Liberty. (e.g. NIST Cyber, CSC, COBIT, ISO2700x)
- Strong knowledge in IT controls, risk assessments, and the design and testing of security controls;
- Knowledge of industry-standard and organizationally accepted analysis principles and methods.
- Knowledge of Risk Management Framework (RMF) requirements.
- Results-oriented with the demonstrated ability to effectively prioritize and successfully manage security-related projects.
- Team management and leadership skills.
- Experience presenting complex technical cybersecurity and privacy issues and solutions in a concise and easy to understand manner to senior and executive management.
What We Offer:
Our teams are composed of industry experts, top scientists, and talented engineers. The environment is extremely engaging and fast-paced, with dozens of specialties coming together to provide the best possible products and experiences for our customers.
We provide competitive salaries and some of the best perks in the industry, including:
- Superb medical, dental, vision, life, disability benefits, and a 401k matching program
- A stocked kitchen with a large assortment of snacks & drinks to get you through the day
- Encouragement to get out of the office and into the field with agents and farmers to see first-hand how our products are being used
- We take part and offer various workshops, conferences, meet-up groups, tech-talks, and hackathons to encourage participation and growth in both community involvement and career development
We also hinge our cultural DNA on these five values:
- Inspire one another
- Innovate in all we do
- Leave a mark on the world
- Find the possible in the impossible
- Be direct and transparent
Climate aims to create a welcoming and collaborative environment for our employees in which a diverse set of perspectives and voices are represented and celebrated.
As part of our dedication to the diversity of our workforce, The Climate Corporation is committed to Equal Employment Opportunity and does not discriminate based on race, religion, color, national origin, ethnicity, gender, sex (including pregnancy), protected veteran status, age, disability, sexual orientation, gender identity, gender expression, or any unlawful criterion existing under applicable federal, state, or local laws. If you need assistance or an accommodation due to a disability, you may contact us at email@example.com.