IT Security Associate Director - Technical Compliance Lead

Wolters Kluwer

We have a need for a Senior IT Technical Compliance Lead on the team, as this is a current skill gap within the team. The Technical Lead will work with internal Subject Matter Experts (SMEs), in accordance with independence requirements, to provide an understanding of regulation or standards requirements related to control design, placement, and operation. The Technical Lead will educate control owners on the rules for collecting and documenting evidence and on testing requirements, to reduce the risk of findings/observations in all periods. The Technical Lead will also assist control owners in remediating all findings and observations identified from all sources of audits, from both internal and external entities, that may affect WK’s ability to obtain third-party attestation or certification.

Responsibilities:

Technical Compliance Responsibilities:

  • Represent the Compliance team on all technical projects, ensuring that the technology controls are designed to meet the compliance requirements and mandates for the projects.
  • Be involved in developing technical implementation specifications and guidelines to assist technology teams in implementing controls that are not only compliant but also improve the effectiveness of the controls while maintaining compliance.
  • Support the Client Due Diligence (CDD) to develop technical summaries outlining the technology transformation efforts to highlight the maturity of WK’s cybersecurity program.
  • Collaborate with peers across GBS teams to align compliance strategies with project goals.
  • Prioritize projects based on risk and effect to the business.
  • Ensure the appropriate technical metrics are identified, measured, and reported to demonstrate the effectiveness of the security compliance program.

Compliance Oversight and Responsibilities:

  • Educate control owners and business partners on requirements from several regulatory frameworks such as GDPR, HIPAA, PCI-DSS, etc.
  • Ensure that controls are defined, assigned to owners, and are integrated into the audit work program.
  • Consult with technical operational and engineering teams to ensure controls are developed to address the objectives of the requirements.
  • Conduct gap analyses to identify areas that require attention, including security measures implemented to address cyber threats.
  • Engage with control owners associated with the Products to prepare for potential audits and legal or regulatory requirements related to compliance.

Audit and Third-Party Assurance Management Responsibilities:

  • Support the team in discussions with internal and external auditors so that all technical controls are communicated to the auditors and audits are performed smoothly.
  • Review audit findings and work with relevant departments to address identified gaps and vulnerabilities.
  • Provide the Director of compliance with insights into technical gaps from audit outcomes and implications.
  • Ensure that audit reports are thoroughly documented and securely stored for future reference.

Accurate and Timely Reporting Responsibilities:

  • Consolidate data from multiple departments and tools to create a holistic view of our security compliance posture.
  • Develop and present weekly and monthly reports to the Director of compliance, outlining achievements, challenges, and plans.
  • Analyze trends in observations from external audits, internal assessments, and other sources of identified issues to inform and influence remediation strategies for common trends.
  • Customize reports for different assessments from the teams to the Director of compliance.
  • Ensure the timely communication of critical gaps identified from audits/assessment to management.

Leadership Responsibilities:

  • Lead in developing the audit/assessment plan for different regulatory or standards needs.
  • Help mentor team members to build technical capabilities in line with the C&A function’s goals.
  • Lead the teams in identifying technical solutions for audit gaps, and track and manage the gaps to successful resolution.
  • Provide leadership in evaluating compliance aspects of projects through reporting of technical KPIs and other compliance metrics.

Qualifications:

  • Bachelor’s or Master’s degree in Information System Management, Computer Science, Cybersecurity, Risk Management or equivalent.
  • Certifications required (two), preferred certifications: Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Cloud Security Professional (CCSP), or equivalents.
  • 10+ years of combined experience with consulting, external audit, company in-house and outsourced internal audit, assurance services, contracts.
  • 8+ years of hands-on combined experience with financial and information technology internal controls design, test, audit, risk assessments, investigations, findings, and remediation.
  • 5+ years of in-depth knowledge and experience of compliance and audit with SOC1, SOC2, SOX, HIPAA, ISO 27001, PCI DSS, FedRAMP/StateRAMP, etc.
  • 5+ years as a Subject Matter Expert (SME), working with industry frameworks including ISO, NIST 800-53, NIST/CSF, PCI, HITRUST, FISMA, GDPR, etc.
  • Leadership skills and experience leading engagements, establishing budgets, developing work programs/plans, building relationships, mentoring staff, providing performance feedback, and monitoring workloads of team(s) while meeting partner and client expectations.
  • Excellent analytical and problem-solving skills with advanced written, verbal and presentation skills; including interactions with peers and senior technical teams and their management.
  • Strong experience in managing highly complex technical audits and assessments and driving them to successful outcomes.
  • Experienced working in remote environments. Independent, motivated self-starter with the ability to analyze complex problems, think critically, problem solve, influence change, and provide thought leadership.
  • Excellent communication and interpersonal skills, including the ability to work across a highly matrixed organization, interacting, influencing, negotiating effectively with all levels of leadership and peers.
  • Experienced with vendor and managed security services with ability to identify continuous improvement opportunities to drive risk assessment effectiveness and efficiency.
  • Strong influencing skills and the ability to champion security and educate staff on the latest security risk, software protection, assurance methods and technologies.
  • Strong work ethic, excellent use of discretion and judgment, and the mature ability to establish credibility and rapport with senior executives and technical and non-technical team members.
  • Ability to travel to customer sites as needed.

Benefits:

A comprehensive benefits package that begins your first day of employment. Additional Information: Wolters Kluwer offers great benefits and programs to help meet your needs and balance your work and personal life, including Medical, Dental, & Vision Plans, 401(k), FSA/HSA, Commuter Benefits, Tuition Assistance Plan, Vacation and Sick Time, and Paid Parental Leave. Full details of our benefits are available at https://www.mywolterskluwerbenefits.com/index.html

Diversity Matters:

Wolters Kluwer strives for an inclusive company culture in which we attract, develop, and retain diverse talent to achieve our strategy. As a global company, having a diverse workforce is of the utmost importance. We've been recognized by employees as a European Diversity Leader in the Financial Times, as one of Forbes America’s Best Employers for Diversity in 2022, 2021 and 2020 and as one of Forbes America’s Best Employers for Women in 2021, 2020, 2019 and 2018. In 2020, we placed third in the Female Board Index, and were recognized by the European Women on Boards Gender Diversity Index. Wolters Kluwer and all of our subsidiaries, divisions and customer/departments are an Equal Opportunity / Affirmative Action employer.

Compensation:

Target salary range CA, CT, CO, HI, NY, WA: $176,600-$249,950

Confirmed 11 hours ago. Posted 30+ days ago.