IT Risk & Controls Lead

With more than $1B in revenue, Tennant Company is a globally recognized leader in the cleaning equipment industry. For the past 150 years, we have been passionate about developing and manufacturing innovative and sustainable solutions for our customers. At Tennant Company, we are committed to stewardship and creating a cleaner, safer and healthier world. With manufacturing, operations and sales, service, and support functions across the globe, your journey at Tennant can take you places you never expected.

IT Risk & Controls Lead

Tennant Company's IT Quality team is responsible for IT Application Security, Testing, and Compliance to build a strong 2nd Line of Defense, foster an IT control aware culture, deliver compliant and secure technology capabilities, protect customers, and meet regulatory requirements. The IT Risk & Controls Lead reports directly to the Senior IT Manager, IT Quality. In this role, we are looking for an individual who is willing to assess and prioritize information technology risks across the organization; facilitates compliance with regulatory requirements and information security policies; and supports the establishment and maintenance of effective IT general controls (ITGCs). The individual will lead activities to ensure company security guidelines and procedures are upheld including ITGCs. The IT Risk & Controls Lead will collaborate with process owners, internal auditors, external auditors, and other stakeholders to assist in reviewing, monitoring, and resolving technology-related findings. The IT Risk & Controls Lead will also contribute to the transformation of the company's IT compliance program. This role will require working with personnel across our global organization at varying levels of responsibility.

Responsibilities

• Establish and lead the IT Risk & Controls function within the IT Quality team.

• Assist in the development and implementation of IT risk management strategies, policies, and procedures including alignment to industry best practices and regulatory requirements.

• Conduct risk assessments to identify potential vulnerabilities and recommend appropriate IT controls.

• Manage access controls, including user provisioning, segregation of duties, and privileged access reviews.

• Conduct periodic reviews of system configurations and access controls to ensure compliance.

• Collaborate with business and IT stakeholders to support design and implementation of IT controls.

• Design and implement IT General Controls (ITGCs) to ensure logical security, change management, and IT operations controls compliance for on-premise and cloud-hosted technologies.

• Oversee IT controls testing activities to ensure operating effectiveness and compliance with various regulations, including but not limited to, Sarbanes-Oxley (SOX).

• Evaluate service organization control reports (SOC 1, SOC 2, ISAE 3402, etc.) for deficiencies identified by service auditor and complementary user entity controls (CUECs) required to be implemented by Management.

• Monitor and report on the effectiveness of IT controls, areas for improvement, and corrective actions underway to Senior IT Leadership.

• Assess IT deficiencies for root cause, severity, compensating controls, and IT corrective action plans.

• Provide guidance and training to Management on IT risk management, ITGCs, among other topics.

• Collaborate with various internal and external auditors regarding the submission of requests by IT stakeholders for SOX, ISO, ESG, and Audit & Advisory projects.

• Liaise with our internal and external auditors to align on scoping, quality improvement opportunities, deficiencies, and annual testing timeline.

• Promote a culture of awareness and accountability with respect to establishing and maintaining IT internal controls.

Qualifications

• Bachelor's degree in management information systems, computer science, or similar field(s).

• Minimum 6-8 years of combined audit, technology, and IT risk experience.

• Professional certification required, such as, CISA, CISM, CRISC, CGEIT, CISSP, or similar.

• Demonstrated knowledge of information technology and risk frameworks (e.g., COBIT, SOC Reports (SSAE 18), NIST, ITIL, COSO, or similar).

• Demonstrated experience designing and/or testing IT general controls (ITGCs) and System Development Life Cycle (SDLC) controls.

• Demonstrated experience with SAP required, while other ERPs preferred.

• Demonstrated experience with various operating systems, databases, platforms, network software and hardware, security tools, and cloud services preferred.

• Demonstrated knowledge of risk management, information technology, and/or auditing.

• Demonstrated knowledge of Sarbanes-Oxley (SOX) IT controls requirements and testing methodology.

• Demonstrated time management skills using time effectively to meet deadlines.

• Demonstrated aptitude for continuous learning in and around technology acumen, analytical problem-solving, and interpersonal skills.

• Demonstrated ability to prioritize and manage multiple workstreams including administrative and documentation-oriented tasks.

• Manufacturing industry experience preferred.

Begin your journey with us. Let's reinvent how the world cleans.

Equal Opportunity Employer

Tennant Company is an equal opportunity employer. Employment decisions are made on the basis of individual skill, ability, reliability, productivity, and other factors important to performance. We do not discriminate on the basis of race, color, religion, sex, national origin, physical or mental disability, age, military service, pregnancy, sexual orientation, genetic information (including family medical history), marital status, gender identity or expression, parental status, political or any other non-merit based factors protected by state or federal law or local ordinance.

Nearest Major Market: Minneapolis

Job Segment: Compliance, Cloud, Testing, Risk Management, Law, Legal, Technology, Finance