Director, IT Risk & Compliance Management
Company Description
ServiceNow is making the world of work, work better for people. Our cloud‑based platform and solutions deliver digital workflows that create great experiences and unlock productivity for employees and the enterprise. We're growing fast, innovating faster, and making an impact on our customers' and employees' lives in significant and important ways. With over 6,900 customers, we serve approximately 80% of the Fortune 500, and we're on the 2020 list of FORTUNE World's Most Admired Companies.®
We're looking for people who are ready to roll up their sleeves and help us build on our incredible momentum, our diverse, engaged workforce, and our purpose to make the world of work, work better.
Learn more on the Life at Now blog and hear from our employees about their experiences working at ServiceNow.
Job Description
This position will report to the VP of IT Strategy, Planning, and Business Operations.
What you'll do in this role:
IT Controls & Compliance
- Partner with the Global CISO on Cyber Risk and the Global VP of Audit Risk and Compliance on the company enterprise risk framework.
- Analyze current and proposed IT systems/programs/initiatives to ensure compliance with applicable business, industry, and regulatory standards.
- Work across IT to continuously improve the effectiveness and efficiency of internal controls through best-practice controls design and the application of automation.
- Work with business and IT delivery teams to define and maintain an effective suite of controls, adapting to changes in products, business processes and technology solutions.
- Maintain an accurate and continuously updated inventory of IT controls, including their objectives, operational processes, and responsible control owner.
- Collaborate with IT control owners to continuously monitor control effectiveness and act as a trusted advisor to IT leadership and service owners on the design and effective operation of controls.
- Ensure compliance with pertinent regulatory obligations while taking a practical approach to risk-based challenges and offering solutions.
- Strive for the right balance between controls assurance, process efficiency and customer focus in all Risk and Compliance processes.
- Manage the successful delivery of compliance / risk initiatives, ensuring controls assurance and operational excellence with a practical, business-driven approach.
Risk Management
- Develop, implement and maintain a strategic and comprehensive Enterprise IT Risk Management program.
- Design and lead a global risk assessment for IT.
- Establish and quantify IT’s 'risk appetite' and ensure the risk approach adheres to it.
- Continuously assess technology delivery and operation within IT to identify process, technology operation, regulatory, or compliance risks and develop the necessary strategies to reduce and/or remediate these risks
- Facilitate communication across the IT leadership team and Corporate Audit to monitor risks.
Qualifications
To be successful in this role, we need someone who has:
- Bachelor's degree required in Information Technology, Computer Science, or a business-related discipline.
- Certification in Audit, Risk Management, Project Management, Privacy or Security highly desirable.
- Minimum 10 years of experience in a combination of risk management and information security.
- Mastery of the Sarbanes-Oxley Act, System and Organization Controls framework, and PCAOB and SEC guidance related to audits of the internal control environment.
- Knowledge of common information security management frameworks and standards, such as ITIL, NIST, ISO, SOC 2, MITRE, FAIR, PCI, HIPAA, BSIMM, etc.
- Familiar with IT Compliance legislation, including privacy standards, such as GDPR.
- Knowledge of Governance, Risk and Compliance (GRC) technology tools and methodologies and knowledge of ServiceNow GRC is a plus.
Additional criteria:
- Strategic acumen and problem-solving skills with the ability to turn findings into executable plans.
- Track record of identifying the need for and driving beneficial change; practices continuous improvement.
- Assertive and able to influence across all levels, including influencing others without direct position power.
- Demonstrated ability to build trust and strong cross-functional relationships across an organization to achieve common goals.
- Strong business acumen and demonstrated sound business judgment.
- Ability to effectively prioritize workload.
Additional Information
ServiceNow is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status or any other category protected by law.
If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact us at +1 (408) 501-8550, or [email protected] for assistance.
For positions requiring access to technical data subject to export control regulations, including Export Administration Regulations (EAR), ServiceNow may have to obtain export licensing approval from the U.S. Government for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by the U.S. Government.