POSITION PROFILE

The Director of IT Compliance Services is responsible for overseeing all aspects of IT compliance within the organization. This includes establishing and maintaining policies and procedures for IT compliance, conducting risk assessments, overseeing compliance audits and assessments, and serving as a liaison with external auditors and regulators. The Director of IT Compliance Services will work closely with other departments and stakeholders to ensure that compliance efforts are aligned with organizational goals and priorities.

JOB DUTIES AND RESPONSIBILITIES

• Develop and implement policies and procedures to ensure compliance with relevant regulations and standards including, but not limited to, ISO, GDPR, SOX, SOC2, Hi-Trust, PCI-DSS.
• Oversee compliance audits and assessments to ensure that all necessary controls are in place and functioning properly.
• Serve as a liaison with external auditors and regulators, and respond to inquiries and requests for information as needed.
• Monitor and report on compliance metrics and key performance indicators to senior management and other stakeholders.
• Coordinate with other departments and stakeholders, such as legal, finance, and IT, to ensure that compliance efforts are aligned with organizational goals and priorities.
• Conduct risk assessments to identify potential areas of non-compliance and develop mitigation strategies to address them.
• Consult with the architecture and development teams on environment changes, provide guidance on compliance requirements and ensure that changes comply with relevant regulations and standards.
• Maintain up-to-date knowledge of regulatory and industry changes related to IT compliance, and update policies and procedures accordingly.
• Develop and deliver compliance training to employees and stakeholders at all levels of the organization.
• Collaborate with other IT leaders to ensure that compliance considerations are integrated into IT projects and initiatives.
• Respond to customer questionnaires and security reviews submitted by customers, provide timely and accurate information on the organization's IT compliance posture.
• Develop and manage relevant budget items.
• Define compliance goals, strategies, metrics, and reporting mechanisms, while creating maturity models and roadmaps for continual program improvements
• Manage a team of IT compliance professionals, providing coaching, mentoring, and guidance as needed.
• Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
• Clearly establish job expectations by conducting periodic employee Performance Appraisals, establishing training plans and consistently following-up on employee results achieved.
• Participate in industry forums and events to stay abreast of best practices and emerging trends in IT compliance.
• Performs other duties as assigned.

QUALIFICATIONS (Education, Experience, and Certifications)

• Bachelor's degree in information technology, computer science, or a related field preferred.
• Certification in relevant IT compliance and/or risk management standard (e.g., CRISC, CISA, GSNA) is a plus.
• 7+ years of experience in IT compliance, risk management, or related field.
• 5+ years of experience in a leadership capacity.
• Experience in conducting compliance audits and assessments.
• Experience leveraging a GRC (Governance, Risk and Compliance) tool to support IT risk management and compliance initiatives. .
• Experience with generally accepted business practices and controls utilized by the IT Industry
• Strong understanding of relevant regulations and standards, such as ISO, PCI-DSS, Hi-Trust, SOC2.
• Must be proficient with MS Office, PowerPoint and Excel.

Ricoh is an EEO/Affirmative Action Employer - Minorities/Women/Protected Veterans/Disabled.