Specialist ~ IT Governance & Risk

<strong>At Brookfield Properties, the foundation of our continued success is our people. Our talented associates build rewarding and challenging careers within our industry-leading real estate services business. We focus on long-term development of our people through our "promote from within" philosophy and have maintained an entrepreneurial, innovative approach to our business &ndash; keeping us nimble and setting us apart as a landlord partner of choice.</strong>

Cleveland, OH

Brookfield Properties

<div> <h3><strong>Build a better world, together.</strong></h3> With a time horizon that is both short-term and long-term, next week and next decade, we view our employees, residents, and communities as long-term partners in building a better, stronger, and more beautiful future for all of us.</div> <div>&nbsp;</div> <div><a href="https://careers-brookfieldproperties.icims.com/jobs/search?ss=1" target="_blank" rel="noopener noreferrer">Click here</a> to review all open positions&nbsp;and refer a friend.</div> https://www.brookfieldproperties.com/


Full Time

Overview: <div class="iCIMS_InfoMsg iCIMS_InfoMsg_Job"> <div class="iCIMS_Expandable_Container"> <div class="iCIMS_Expandable_Text"> <p><strong>At Brookfield Properties, our success starts with our people. People like you.</strong></p> <p>We develop, operate, and manage more than 650 properties and 325 million square feet of real estate across the globe. It&rsquo;s a feat that wouldn&rsquo;t be possible without our team, a diverse group of creative visionaries and innovative experts who are relentless in pursuit of one goal: to ensure our buildings don&rsquo;t simply meet the needs of our tenants, residents, and communities &mdash; but exceed them, every day.</p> <p>We know that a &ldquo;one-size-fits-all&rdquo; approach doesn&rsquo;t work when it comes to residential living. That&rsquo;s why, at Brookfield Properties, our portfolio features a wide range of options for any stage of life. And though our properties may be diverse, one thing is universal: all offer the unparalleled quality, service, and support our residents deserve.</p> <p>If you&rsquo;re ready to be a part of our team, we encourage you to apply.</p> <p>We are searching for a talented&nbsp;<strong>Specialist ~ IT Governance &amp; Risk</strong>&nbsp;to be based out of&nbsp;<strong>Key Tower in downtown Cleveland, OH!</strong></p> <p><strong><u>Overview:</u></strong></p> <p>The&nbsp;Specialist ~ IT Governance &amp; Risk&nbsp;is responsible for understanding, evaluating, and assessing complex systems, security controls, and standards throughout the Brookfield Properties organization. This role will also be supporting management on various regulatory audit/compliance engagements and activities. In addition, this role will ensure the company is compliant with regulatory requirements and security best practices as defined by industry experts and Brookfield Properties policies and standards. 
This position is responsible for handling highly sensitive and confidential information.</p> </div> </div> </div> <h2 class="iCIMS_InfoMsg iCIMS_InfoField_Job">&nbsp;</h2>
Responsibilities: <p><strong><u>Compliance Management:</u></strong></p> <ul> <li>Oversee the IT compliance controls and IT audit obligations across Sarbanes Oxley, PCI, Internal Audit, NIST, and clients.</li> <li>Assist management in the development and design of effective compliance processes, procedures, and controls.</li> <li>Coordinate and manage the external IT SOX audit-related tasks such as ensuring the readiness of IT managers and their organizations for audit testing and facilitating the timely resolution of any audit findings, providing timely communication on audit issues to management, and attending all audit meetings with both internal and external audit.</li> <li>Implement and maintain an IT compliance issue management tracking (e.g., audit observations and remediation plans) and resolution process that will address known issues, according to the severity and potential impact to the organization.</li> <li>Report the levels of IT compliance gaps, risk, and control effectiveness to key stakeholders such as the CIO, Control Owners, and other Management roles as needed.</li> <li>Assist in providing direct support to all IT staff for security, audit, and compliance-related issues and gaps.</li> <li>Manage the collection of, and conduct due diligence reviews for, all vendor SOC reports that are in-scope for regulatory compliance.</li> <li>Act as a liaison for parties who perform external assessments of our control environment, including auditors and client contacts.</li> <li>Serve as the subject matter expert and provide consultation to the IT Control Owners in terms of the control&rsquo;s design, implementation and compliance requirements.</li> <li>Assist the IT Control Owners and IT managers with the acquisition of tools and expertise to assist with IT compliance-related projects and initiatives.</li> <li>Explore and seek opportunities to streamline and automate areas of the IT Audit Process and associated procedures.</li> <li>Continually keep abreast of
and fully understand (e.g., controls, processes, procedures, key staff, etc.) the IT environment in terms of the in-scope SOX IT systems and applications.</li> </ul> <p><strong>&nbsp;</strong></p> <p><strong><u>Risk Management:</u></strong></p> <ul> <li>Identify and document security risks and ineffective controls in our GRC and communicate them to management.</li> <li>Audit critical business systems, applications and processes to capture new risks.</li> <li>Analyze and evaluate IT security risks to determine the likelihood and impact to the business.</li> <li>Determine risk response options and evaluate their efficiency and effectiveness to manage risk at an acceptable level.</li> <li>Continuously monitor and report on IT security risk and controls to relevant stakeholders and management.</li> </ul> <p><strong><u>&nbsp;</u></strong></p> <p><strong><u>Governance Management:</u></strong></p> <ul> <li>He/she is also responsible for enforcing Brookfield Properties security policies and standards through internal controlled oversight and self-assessments.</li> <li>Provide governance oversight and due diligence to ensure the required technical IT SOX Controls are aligned with the SOX narratives, appropriate policies (e.g. 
Information Security Policy), and regulatory requirements.</li> <li>Oversee the documentation, implementation, and testing of the entire IT compliance control portfolio.</li> </ul> <p>&nbsp;</p> <p><strong><u>Security Awareness/Training Management:</u></strong></p> <ul> <li>Ensure that our information security awareness program communicates our security policies and requirements so that people know, understand, and can follow them.</li> <li>Collaborate with management and the information security team as needed to augment or further develop information security training, education, and awareness activities appropriate for staff.</li> <li>Create an IT compliance training and awareness program that periodically educates the requisite end-user community on the relevant IT compliance requirements and certifies their adherence to the relevant IT compliance controls.</li> </ul>
Requirements: <ul> <li>This position requires an&nbsp;<strong>Undergraduate (Bachelor) Degree</strong>&nbsp;&ndash; preferably in Business or Information Technology. 5-7 years of experience can offset minimum educational requirements for this position<strong>.</strong></li> <li>Relevant certifications are strongly preferred: CISSP, CISA, CRISC, etc.</li> <li>3-4 years of experience is required in: <ul> <li>IT risk management, IT compliance, internal audit, project management, and/or information security.</li> <li>NIST framework, specifically as applied to risk management.</li> <li>IT SOX General Controls, Change Management and SDLC Processes.</li> <li>Ability to navigate complex corporate structures and areas concerning legal and regulatory mandates, risk and compliance.</li> <li>Ability to work both independently with sole responsibility and as part of a team.</li> <li>Professional cyber security experience.</li> <li>General knowledge of computer systems, networks, telecommunication, internet, intranet and extranet technologies; strong technical acumen: application and operating system hardening, vulnerability assessments, security audits; ability to weigh business risks and enforce appropriate information security measures; excellent documentation and presentation skills; ability to explain information security concepts to audiences outside of the field.</li> <li>Security designations (CISSP, CISA) and knowledge of "best practice" frameworks (COBIT, NIST CSF, NIST 800-53, ISO27001) are preferred but not required.</li> <li>Ability to evaluate business processes and IT technology, identify risks, process gaps, and evaluate controls.</li> <li>Knowledge of CCPA, SOX and other data regulations and standards.</li> <li>Extensive knowledge of data security and access control systems, and related matters.</li> <li>Extensive knowledge of information protection methodologies and concepts, such as identification and authentication, access control, inception and audit 
trails.</li> <li>Ability to conduct security assessments against policies/procedures/best practices.</li> <li>Ability to research and keep up to date on industry technical/business security requirements and translate those requirements into the financial information environment.</li> <li>Excellent communication skills (both written and verbal).</li> <li>Competent interpersonal skills, demonstrating the ability to lead projects.</li> <li>Demonstrated proficiency in evidencing strong analytical, project management, and problem-solving skills.</li> <li>May also be required to perform other duties as assigned.</li> </ul> </li> </ul> <ul> <li>Required skills for this position include: <ul> <li>Written Communications</li> <li>Process Improvement</li> <li>Interpersonal Skills</li> <li>System &amp; Process Orientation</li> <li>Presentation</li> <li>Problem Solving</li> <li>IT Risk Management</li> <li>IT Compliance</li> <li>Prioritizing</li> <li>Planning</li> <li>Team Orientation</li> </ul> </li> <li>Travel up to 10% of the time; rarely travel</li> </ul>