Founded in 1921 and publicly traded since 1925, Newmont (www.newmont.com) is one of the largest gold companies in the world. Headquartered in Denver, Colorado, the company has approximately 24,000 employees and contractors, with the majority working at Newmont's core operations in the United States, Australia, Ghana, Peru and Suriname. Newmont is the only gold company listed in the S&P 500 index and in 2007 became the first gold company selected to be part of the Dow Jones Sustainability World Index. Newmont's industry leading performance is reflected through high standards in environmental management, health and safety for its employees and creating value and opportunity for host communities and shareholders.
About this role
This role is responsible for executing the information technology compliance strategy and managing security and compliance controls, policies, procedures, and processes across the IT landscape. This role will support audit and compliance activities, provide oversight of compliance controls for the business, define and enforce security and compliance policies and regulatory requirements. This role will support company security and compliance controls and policies by thorough implementation and ongoing support and maintenance.
In this role you will
Information Technology Compliance
Updates and performs the necessary gap analysis; creates and maintains various internal and external audit and compliance schedules for Information Technology.
Reviews, documents, evaluates, and tests manual and automated computer controls throughout the corporate IT environment; develops and implements testing methodologies for application development, IT infrastructure, security, and availability; designs and executes compliance tests for IT systems and coordinates required remediation.
Act as coach, mentor, and trainer of others in security and compliance.
Orchestrate multiple personnel across multiple disciplines with varying responsibilities and accountabilities to meeting a shared objective.
Detailed tracking of multiple concurrent action plans which are accountable to personnel outside your immediate span of reporting relationships.
Conducts risk assessments on business and operational processes, procedures, and policies; interprets audit results and makes conclusions on the adequacy and reliability of controls; prepares and presents reports as necessary
Prioritizes and controls projects based on the severity of risk and non-compliance; communicates control strengths and weaknesses to internal audit and compliance and collaborates with internal audit to develop migration plans.
Applies COBIT5, COSO, ISO 27001, ITILv3, and/or NIST frameworks to documentation and remediation efforts; provides guidance to IT in the reengineering of processes and procedures in need of remediation; conducts gap analysis via testing and recommends specific actions to fix gaps.
Designs and enhances internal controls such as segregation of duties, production change management, software management, security, incident handling, and transmission integrity; assists the internal audit team and serves as a liaison with external auditors to facilitate auditing process.
Conducts audit/compliance assessments to ensure ongoing evaluation and validation of IT control effectiveness
Support project deployments that impact/affect SAP security and user/role governance.
Recommending and developing security measures to protect information against unauthorized modification or loss
Management of SOX requirements
Ability to troubleshoot complex risk, control, and exception processes
Ability to read and understand SOC reports
Ability to understand and assess risks related to third party vendors.
The above duties and responsibilities are representative of the nature and level of work assigned and are not necessarily all-inclusive.
Your Training, Skills & Experience
Degree in Management Information Systems, Computer Science, Computer Information Systems or similar degree.
Preferred certifications: CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CGEIT (Certified in the Governance of Enterprise IT)
IT Security, Compliance, and Risk Management experience
Enterprise level SOX compliance requirements and testing approaches
Proven experience working closely with the applications team to resolve security and compliance issues for SAP and other application environments.
Excellent communications skills across all levels of the workforce and experience working in a heavily interfaced environment, and able to demonstrate working knowledge and skills of the main elements of customizing and user administration.
Able to operate as a highly independent worker and as part of a strong team with a collaborative approach.
Proven ability to work under stress in emergencies with the flexibility to handle multiple high-pressure situations simultaneously
Ability to communicate highly complex technical information clearly and articulately for all levels and audiences
Ability to manage tasks independently and take ownership of responsibilities
Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles including vendors and IT-business personnel
Experience with SAP Application Security, ECC, GRC, and Hana functional technical components
SOC report development experience.
Experience working and managing vendor performance and service level agreements
Able to demonstrate a high degree of credibility and influence senior stakeholders within the organization
Ability to adapt to a rapidly changing environment and quickly identify new trends and industry changes specific to security and advanced cyberattacks
High critical thinking skills required to evaluate complex, multi-sourced intelligence information, analyze and confirm root cause, an independently, or at times with the assistance of a Senior IT Threat Analysts or third-party vendor, identify mitigation alternatives and solutions that safeguard our technical environment
Functional expertise in Active Directory, LINUX, SAP Hana, Azure, Amazon Web Services, and Google Cloud preferred.
Working Conditions and Location
The position is located in the Denver corporate office.
Position may be required to travel to, and assist other domestic and international sites.
To learn more about Newmont visit us at:
Newmont website: http://www.newmont.com/home/default.aspx
Lifecycle of a Mine microsite (educational site that explains what happens during each phase of a mine's life): http://lifecycle.newmont.com/
Newmont's blog site (weekly stories highlighting work being done in Newmont's regions and our employees): http://ourvoice.newmont.com/
Newmont's annual sustainability report: http://sustainabilityreport.newmont.com/
Our business success comes from the accomplishments and well-being of our employees and contractors. Our goal is to build a workplace culture that fosters leaders and allows every person to thrive, contribute, and grow. We are committed to selecting and developing our employees, and to establishing a work environment where everyone can take an active part in reaching our strategic goals while feeling a sense of pride in working at Newmont.
Newmont seeks to recruit, hire, place and promote qualified applicants, meaning applicants who meet the minimum requirements of the position, without regard to personal characteristics such as gender, race, nationality, ethnic, social and indigenous origin, religion or belief, disability, age or sexual orientation or any other characteristic protected by applicable law.
NOTE: Newmont does not ask for or require job applicants to pay money to apply or be considered for employment with the Company. In addition, Newmont does not ask potential job candidates to provide sensitive personal data without first submitting a job application through our secure, online portal, and only as requested for legitimate business purposes. If you are asked to provide money or sensitive personal data through any other means, do not respond and please report this immediately to email@example.com.