What are the responsibilities and job description for the IT Compliance Manager position at Steve Madden?
General Summary: At Steve Madden, the IT Compliance Manager's role is to assess and oversee all technology-related compliance issues across the organization, including regulatory, information security, data privacy, business continuity, identity management, user access and data integrity. This includes providing objective risk assessments of the company's compliance with all regulatory, organizational and commercial requirements governing the organization's information technology and security systems. The IT Compliance Manager will also direct the development and implementation of IT / Information Security policies, procedures and controls to ensure that Steve Madden's practices remain compliant with all pertinent local, state, federal and global laws and industry standards. In this role, the IT Compliance Manager will also work directly with non-IT functions such as Legal, Information Security, Finance, Internal Audit, External Auditors, Human Resources and Corporate Compliance to ensure organizational alignment. This position is also responsible for supporting the Chief Information Security Officer in conducting PCI-DSS, IT SOx 404, EU GDPR, third-party vendor and data privacy audits on an annual basis.
Major Responsibilities:
- Determine and maintain an inventory of all regulatory, commercial and organizational technology compliance requirements.
- Assist with the company's annual PCI audit, filing, and development of the SAQ and Attestation of Compliance.
- Review required external vendor SSAE18 SOC 1 and SOC 2 documentation.
- Facilitate the creation and upkeep of all technology compliance policies.
- Create an IT compliance risk assessment scorecard and periodically assess the regulatory, commercial, governmental and organizational IT compliance risks.
- Identify the associated IT compliance control gaps and oversee the documentation, implementation, testing and remediation of the entire IT compliance control portfolio.
- Assist with the annual IT SOx internal / external audits and remediation planning.
- Review and create periodic audit reports on user access and system activities.
- Develop and direct IT compliance control monitoring programs to ensure IT compliance-related risks are managed to the appropriate level of acceptable corporate risk.
- Implement and maintain an IT compliance issue management tracking and resolution process that will address known issues, according to severity and potential impact to the organization.
- Report the levels of IT compliance risk and control effectiveness to key stakeholders such as IT-business unit management, senior management, the board of directors, legal, regulators, internal / external auditors, etc.
- Coordinate audit-related tasks such as ensuring the readiness of IT managers and their organizations for audit testing and facilitating the timely resolution of any audit findings.
- Provide technical advice and insight on compliance requirements to business leaders.
- Assist business and IT managers with the acquisition of tools and applications to assist with IT compliance-related projects, audits, and initiatives.
- Familiarity with developing business impact analyses (BIA) and business continuity plans.
- Assist with conducting external vendor audits for all vendors with which we share systems and data.
- Create an IT compliance training and awareness program that periodically educates the user community on the relevant IT compliance requirements, and certifies their adherence to the relevant IT compliance controls.
Job Specific Requirements:
Salary Range: The pay range for this position is $120,000 - $140,000. Actual salary will be determined based on the candidate's skill set, years of experience, and other job-related factors. This range does not include benefits such as health insurance, paid time off, 401(k), and additional company benefits.
Salary: $120,000 - $140,000