Description:
We’re one of the most broadly deployed logistics and supply chain technology companies in the world. More than 22,000 customers around the globe use our cloud-based solutions to transform the way they move inventory and information to enhance productivity, better serve customers, thrive competitively, keep pace with evolving regulations, and respond to rapidly changing market conditions. Descartes is publicly traded (Nasdaq:DSGX, TSX:DSG) with headquarters in Waterloo, Ontario, Canada, and offices and partners around the world. With record financial performance for more than 16 years, we lead the industry in innovation investment. Every day, logistics service providers, manufacturers, retailers, distributors, and other logistics-intensive businesses of all sizes rely on our scale, stability, and comprehensive solution footprint to move what’s most important to them. Learn more at www.descartes.com.
We’re growing fast and invite you to join our amazing team.
We are currently seeking an IT Governance & Risk Analyst to join our IT Business Support Team. As a member of the team, you will be responsible for effectively collaborating with all business units to analyze, develop and maintain our IT governance & risk framework
This is an exciting opportunity to work with company-wide stakeholders in a global IT organization to learn and develop your passion for Security & Privacy
Responsibilities:
- Coordinate and manage day-to-day internal ITGC activities, including periodic evidence collection, planning, risk analysis, control design assessment and validation, gap analysis and remediation.
- Build global world class ISMS and ITGC programs.
- Interact with external audit partners on a periodic basis to coordinate and monitor IT responsibilities for the completion of compliancy certifications
- Collaborate with IT Security and other internal team leads to continuously improve ITGC by operationalizing an effective strategy and roadmap for IT Governance & Risk reporting across all information assets; physical and cloud data centers, offices, physical/virtual hardware, networking, database, internal applications, and customer facing products and services
- Provide education and training to internal stakeholders
- Work with IT teams and product owners to review existing controls, processes, testing strategies, audit reviews, and implement changes to ensure effectiveness and accuracy.
- Ensure appropriate documentation including policies, process flows, process, and risk matrix.
- Evaluate controls as new systems are developed and/or processes change.
- Utilize existing technologies where possible to support the IT General controls requirements and evaluate new solutions to fill gaps and address specific security requirements.
- Develop and review easy-to-use dashboards to support risk discovery and monitoring activities
- Prepare and present status updates to senior management on related KPIs
- Remain current on evolving governance requirements and best practices
- Support and build a Governance & Risk mindset
Experience and Skills:
- Strong understanding of information security & privacy risk
- Experience managing Sarbanes Oxley and/or Service Organization Control 2 compliance
- Knowledge of NIST, compliance CMM, ITIL and other industry frameworks and standards
- Knowledge of Azure, AWS, Windows Server, Linux, virtualization, networking, database, ap
- Highly independent, hands-on approach, able to deal with ambiguity, and to multi-task and execute projects from start to finish in a fast paced environment.
- Strong analytical skills with the ability to problem-solve.
- Strong project management skills; able to identify needs, develop effective solutions and manage projects through to completion.
- Excellent verbal and written communication skills
- Able to build strong interpersonal relationships