Principal IT Gov Risk & Compliance - 90294979 - Washington

20 Nov 2024

Vacancy expired!

Your success is a train ride away.

Amtrak connects businesses and communities across the country and we move America's workforce toward the future. We employ more than 20,000 diverse, energetic professionals in a variety of career fields throughout the United States. The safety of our passengers, our employees, the public and our operating environment is our priority and the success of our railroad is the result of our employees.

Are you ready to join our team?

SUMMARY OF DUTIES: The Principal Risk & Compliance Specialist is an experienced internal auditor proficient in risk management key controls and standards, supporting, overseeing and monitoring the Company's IT control environment, ensuring IT control findings and risk exposures are identified and addressed in a timely manner. The position evaluates IT infrastructure, operations, and application systems with the goal of ensuring that the design and operating effectiveness of the IT controls are upheld. Work plans and measures are instituted to achieve scope and objectives, potential risks are assessed, and adequate key IT Controls meet Internal Audit Standards. This role manages all non-security related policies and procedures, ensuring the policies are reviewed periodically and updated as needed.

ESSENTIAL FUNCTIONS:
• Manages all non-security related policies and procedures.
• Owns the IT policy catalog / repository and conducts IT policy reviews.
• Facilitates risk assessments to evaluate, prioritize, and quantify the potential impact of risks and vulnerabilities associated with controls, systems, and findings.
• Coordinates and tracks finding responses, supports efforts to mitigate identified risks and threats, and evaluates the documented Plan of Action & Milestones (POA&M) required for each finding.
• Works closely with various departments across Amtrak to support a consistent enterprise-wide risk program based on the NIST Risk Management Framework.
• Identifies and documents potential risks in a centralized risk register with associated risk assessments and mitigating controls.
• Reviews, revises, and where appropriate, proposes new policies and procedures to ensure compliance with applicable laws and regulations.
• Leads IT Risk & Compliance team members through development of new or updated IT related policies.
• Identifies major risk factors which may prevent Amtrak from achieving its strategic, operational, financial reporting and compliance objectives.
• Assumes audit or review lead for multiple Amtrak IT audit projects concurrently, ranging from simple to complex.
• Plans and manages compliance testing initiatives, including audits of internal controls, identifying internal IT controls, assessing design compliance and operational effectiveness, determining risk exposures and developing remediation plans.
• Creates budget forecasts and participates in the development of IT audit budgets. Tracks and takes appropriate steps to stay within budget.
• Works with the Director IT Risk & Compliance and other appropriate leadership to formulate, develop and review audit responses.
• Generates appropriate communication, process and educational plans for mitigating the disruption of change. Identifies and removes obstacles to change.
• Effectively perform all IT Controls as applicable.

MINIMUM QUALIFICATIONS:
• Bachelor's Degree in accounting, information systems or computer science with 7+ years relevant experience or equivalent work experience
• 11+ years of relevant work experience to satisfy education and experience requirements
• Certified Information System Auditor (CISA)
• Experience performing integrated audits
• Familiarity with the risk-based audit approach.
• Familiarity with industry frameworks (e.g. COSO, COBIT, NIST, etc.), best practice and methodologies
• Must possess strong communication and interpersonal skills, work well with others in an integrated team environment, and must be self-motivated
• Strong written communication skills.

PREFERRED QUALIFICATIONS:
• Master's Degree
• Experience working in large, complex companies that rely heavily on real-time 24x7 operations to successfully service external customers
• Experience in the transportation industry.
• SAP ERP security audit experience
• At least 7 years of broad IT audit experience to include executing internal audit or risk management consulting engagements.

COMMUNICATIONS AND INTERPERSONAL SKILLS: Must have excellent oral and written communication skills.


Requisition ID: 62241
Posting Location(s): District of Columbia
Job Family/Function: Information Technology
Relocation Offered: No
Travel Requirements: Up to 25%

Amtrak employees power our progress through their performance.

We want your work at Amtrak to be more than a job - we want it to be a fulfilling experience where you find challenging and rewarding opportunities, respect among colleagues, competitive pay, benefits that protect you and your family, and a high performance culture that recognizes and values your contributions and helps you reach your career goals.

We proudly support and encourage U.S. Veterans to apply for Amtrak job opportunities.

All positions require pre-employment background verification, medical review and pre-employment drug screen. Amtrak is committed to a safe and drug-free workplace and performs pre-employment substance abuse testing. All new hires are required to undergo a hair drug test which detects the presence of illegal drugs for months prior to testing. Marijuana, notwithstanding any statute, ordinance, regulation, or other law that legalizes or decriminalizes the use or possession of marijuana, whether for medical, recreational, or other use. Candidates who engage in the usage of marijuana will not be qualified for hire. We appreciate your cooperation in keeping Amtrak safe and drug-free.

In accordance with DOT regulations (49 CFR section 40.25), Amtrak is required to obtain prior drug and alcohol testing records for applicants/employees intending to perform safety-sensitive duties for covered Department of Transportation positions. If an applicant/employee refuses to provide written consent for Amtrak to obtain these records, he/she will not be permitted to perform safety-sensitive functions.

Note that any education requirement listed above may be deemed satisfied if you have an equivalent combination of education, training and experience.

Amtrak is an Affirmative Action/Equal Opportunity Employer and we welcome all to apply. We consider candidates regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, disability (including blindness), or veteran status.

POSTING NOTES: Information Technology Corporate Jobs