IT Supervisor - Governance & Compliance
NSK · Ann Arbor, MI · 2 mo ago
HybridInformation TechnologyFull-time
Responsibilities
- Develop and lead the IT governance framework to ensure strategic alignment, value delivery, and performance monitoring of IT initiatives.
- Define and maintain IT policies, standards, procedures, and architecture principles.
- Facilitate governance bodies such as IT Steering Committees, Architecture Review Boards, and Risk Committees.
- Establish KPIs and reporting structures to monitor IT effectiveness and service delivery.
- Lead the development and implementation of IT compliance programs to meet internal policies and external regulations (e.g., SOX, GDPR, HIPAA, PCI-DSS).
- Design and enforce controls to ensure regulatory compliance and reduce risk exposure.
- Collaborate with internal and external auditors to support audit processes and ensure timely remediation of findings.
- Monitor changes in regulatory requirements and adjust compliance frameworks accordingly.
- Work with cybersecurity, risk, and business units to identify, assess, and mitigate IT-related risks.
- Maintain a compliance risk register and ensure continuous monitoring and control effectiveness.
- Oversee IT assessments, control testing, and third-party risk reviews.
- Develop, maintain, and enforce IT policies covering security, data privacy, operations, and usage.
- Drive awareness and training programs to promote a culture of compliance and governance across IT and business units.
- Provide advisory services to project and operations teams on compliance and governance requirements.
- Create dashboards and reports for leadership highlighting IT compliance status, audit findings, policy adherence, and governance metrics.
- Identify opportunities to streamline processes, close compliance gaps, and improve IT maturity.
- Promote continuous improvement through feedback loops, process audits, and benchmarking.
Qualifications
- Bachelor's or Master's degree in Information Technology, Information Systems, Business Administration, Risk Management, or a related field.
- 8+ years of experience in IT governance, compliance, or risk management roles, preferably in a related industry.
- In-depth knowledge of IT governance and compliance frameworks (e.g., COBIT, ITIL, ISO 27001, NIST, SOX).
- Understanding of data protection and privacy regulations (e.g., GDPR, HIPAA, CCPA).
- Experience leading IT audits and managing control frameworks.
- Familiarity with GRC platforms and tools (e.g., FreshService, ServiceNow GRC, RSA Archer, OneTrust).
- (Preferred): CGEIT (Certified in the Governance of Enterprise IT), CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager).
- (Preferred): ITIL, ISO 27001 Lead Implementor/Auditor, or equivalent certifications.