Sr. IT Risk & Compliance Consultant

Hybrid role, requires onsite in Saint Paul, MN****

We are seeking a Sr. IT Risk & Compliance Consultant to join our team in the manufacturing industry based in Saint Paul, Minnesota. This role offers a long-term contract employment opportunity. As an IT Risk & Compliance Consultant, you will be responsible for creating and upholding the IT governance framework and control systems, ensuring IT operations align with business goals, and managing IT risks.

• Develop and maintain the IT governance framework, policies, and procedures in alignment with business objectives and industry standards like COBIT, ITIL, ISO 27001.
• Implement control measures to mitigate risks associated with information security, data privacy, system availability, and business continuity.
• Regularly review and update IT policies and procedures, ensuring compliance with regulatory and legal requirements such as GDPR, HIPAA, SOX.
• Collaborate with internal and external auditors to conduct IT audits, identify control gaps, and recommend corrective measures.
• Prepare and present reports to senior management on governance and compliance metrics.
• Develop and monitor key IT controls and performance indicators to track IT effectiveness and risk exposure.
• Lead project and portfolio activities related to compliance, including project tracking, planning, and resource management.
• Collaborate with business units, legal, finance, and risk management teams to align IT governance with overall organizational governance.
• Oversee the management of IT incidents, ensuring appropriate control mechanisms are in place to prevent future occurrences.
• Develop and deliver training programs to raise awareness of IT governance, risk management, and control requirements within the organization.
• Manage vendor and contract relationships related to compliance, perform vendor and quality risk assessments, and review vendor assessments and compliance with leadership periodically.
• Maintain accurate documentation of compliance activities, outcomes, and reports, providing regular updates to senior management and stakeholders.

• Minimum of 5 years of experience in IT Risk and Compliance within the Manufacturing industry
• Proven skills in Auditing, particularly with respect to IT Governance and IT Risk Management
• Certification as an Information Systems Auditor (CISA) is required
• Certification in Risk and Information Systems Control (CRISC) is mandatory
• Proficiency in using CobiT for IT Governance is expected
• Expertise in Regulatory Compliance Risk Management is necessary
• Familiarity with ITIL Processes and IT Infrastructure Library is required
• Demonstrable knowledge of ISO Standards and NIST is preferred
• Understanding of the General Data Protection Regulation (GDPR) is important
• Experience with HIPAA Compliance System Implementation is beneficial
• Knowledge of Sarbanes-Oxley (SOX) and IT controls is essential