IT Compliance Specialist - Remote

CRH
United States only
Job ID: 495177

Oldcastle APG, a CRH Company, is the leading provider of outdoor living solutions in North America with an award-winning portfolio that enables customers to Live Well Outside. Inspiring endless possibilities with enduring performance, its collection of premier building products creates inviting outdoor spaces where people connect, reflect and recharge. The manufacturer’s signature brands include Belgard® and Echelon® hardscape and masonry materials; Barrette Outdoor Living® and MoistureShield® fencing, decking and railing; Sakrete® and Amerimix® packaged concrete and mortar; Techniseal® sands, jointing technologies and surface protectors; PebbleTec® pool finishes; plus popular brands of landscape and gardening materials.

Job Summary

The IT Compliance Specialist at Oldcastle APG supports the development and implementation of compliance programs, policies, reporting, and practices. We are looking for a professional who will work with the team to help enhance current processes and ultimately ensure that our IT operations comply with legal and regulatory standards, procedures, and policies. Primary duties will include working to automate current processes and working with various groups to help collect data to comply with internal and external audits and Information Security policies.

Responsibilities

  • Perform Risk Assessments: Evaluate the organization's IT environment to identify potential security risks and threats. This involves reviewing security policies, procedures, and controls.
  • SOX Compliance Reviews: Ensure that the organization's IT practices comply with SOX standards, regulations, and internal policies.
  • Access Controls Review: Examine access controls to verify that only authorized personnel have appropriate access to sensitive information and resources.
  • Incident Response Evaluation: Review the organization's incident response plan and assess its readiness to handle security incidents effectively.
  • Security Awareness Training: Evaluate the organization's security awareness training program to ensure employees are well-informed about security best practices.
  • Vendor and Third-Party Assessments: Assess the security practices of vendors and third-party service providers to ensure they meet the organization's security requirements.

Requirements

  • Knowledge of Sarbanes-Oxley Act: Familiarity with the provisions, requirements, and objectives of the Sarbanes-Oxley Act is essential.
  • IT Compliance Standards: Stay up to date with relevant IT compliance standards such as ISO 27001 (Information Security Management System), NIST (National Institute of Standards and Technology) Cybersecurity Framework, and PCI DSS (Payment Card Industry Data Security Standard). Understand how these standards relate to SOX compliance.
  • Information Security: Possess knowledge of information security principles, best practices, and controls. Understand how to assess the effectiveness of security controls, identify vulnerabilities, and recommend remediation measures.
  • Internal Control Frameworks: You should understand the components of internal control, risk assessment, control activities, and monitoring.
  • Audit and Compliance Experience: Experience in auditing, either as an internal auditor or external auditor, is highly valuable. Knowledge of auditing procedures, documentation, and risk assessment methodologies is important in ensuring compliance with SOX regulations.
  • Communication and Collaboration: Effective communication skills are essential for working with cross-functional teams, including finance, accounting, and IT departments. You will need to communicate compliance requirements, collaborate on control testing, and provide guidance to stakeholders.
  • Data Manipulation: Proficiency in working with Excel. This includes the ability to extract, clean, transform, and load data from different sources.
  • Data Security and Privacy: Awareness of data security and privacy regulations is crucial. Understanding how to handle sensitive data, implement data anonymization techniques, and comply with privacy laws like GDPR or HIPAA is essential.
  • Continuous Learning: Compliance requirements and regulations are subject to change, so it's crucial to stay updated with the latest developments in SOX and other relevant regulations. Continual learning and professional development in the field of compliance are essential.
  • 3+ years of experience in compliance, technical writing, or a related field.
  • Strong technical writing skills with experience developing policies, procedures, and other compliance documentation.
  • Ability to work independently and manage multiple priorities in a fast-paced environment.
  • Strong analytical and problem-solving skills.
  • Detail-oriented with a focus on accuracy and quality.
  • Bachelor's degree in a related field (such as computer science, information systems, or business) or equivalent work experience.
  • Desirable certifications: CISA, CIA, CISSP, CRISC; other relevant certifications are considered.

What CRH Offers You

  • Highly competitive base pay
  • Comprehensive medical, dental and disability benefits programs
  • Group retirement savings program
  • Health and wellness programs
  • A diverse and inclusive culture that values opportunity for growth, development, and internal promotion

About CRH

CRH has a long and proud heritage. We are a collection of hundreds of family businesses, regional companies and large enterprises that together form the CRH family. CRH operates in a decentralized, diversified structure that allows you to work in a small company environment while having the career opportunities of a large international organization.

If you’re up for a rewarding challenge, we invite you to take the first step and apply today! Once you click apply now, you will be brought to our official employment application. Please complete your online profile and it will be sent to the hiring manager. Our system allows you to view and track your status 24 hours a day. Thank you for your interest!

Oldcastle APG, a CRH Company, is an Affirmative Action and Equal Opportunity Employer.

EOE/Vet/Disability--If you want to know more, please click on this link.

About the job

Apply before: May 25, 2024

Posted on: Mar 26, 2024

Job type: Full Time

Experience level: Mid-level

Hiring timezones: United States +/- 0 hours