IT Regulatory Compliance
- Employer
- National Indemnity Company
- Location
- Omaha, Nebraska
- Salary
- Not specified
- Posted
- Jul 30, 2018
- Closes
- Sep 28, 2018
- Category
- IT
- Job Type
- Full Time
- Career Level
- Experienced (Non-Manager)
Overview & Responsibilities
The IT Regulatory Compliance & Audit Professional is responsible for monitoring and researching regulatory and security compliance issues, as directed, relating to information technology operations for the National Indemnity and Berkshire Hathaway Homestate groups of insurance companies, and preparing summary analysis, drafting documents, and making recommendations to the network management, IT Director, and VP Business Development and Technology. Conducts technology auditing for compliance purposes. Creates drafts of Company policies regarding information technology policies, procedures, disaster recovery, and security. Assists management when communicating with information technology compliance areas of other Berkshire Hathaway insurance companies and serves as a liaison with auditors.
Major Duties:
- Researches information technology issues, as directed, pertaining to the technology operations of the National Indemnity and Berkshire Hathaway Homestate groups of insurance companies. Evaluates the compliance issues concerning the policies, procedures, disaster recovery processes and security rules, and network for the software, hardware, and network technologies. Audits other compliance-related activity for these operations. Summarizes and recommends to IT Director, VP Business Development and Technology, and senior management actions to be taken as a result of the review of the materials.
- Analyzes and understands technology processes and infrastructure used to create Company compliance policies. Drafts proposed compliance and other IT practices and procedures. Participates in the evaluation and requirements for various IT compliance activities such as PCI, NIST, ORSA, etc. Provides copies of the requirements to IT management and IT Director for input and approval.
- Analyzes and understands current IT standard and change control procedures. Assists technology personnel with the creating and maintaining the appropriate procedures. Participates in making changes to the procedures made to comply with new requirements or as directed by management. Assists IT Director with summarizing and recommending to senior management actions to be taken as a result of the review of the materials.
- Assists the Company with maintaining and updating computer network and electronic and data security compliance requirements. Researches and monitors rules and regulations surrounding network and data security and recommends actions to be taken.
- Maintains information technology policies, procedures, and change control practices. Directs changes to them and guides as necessary. Notifies Company personnel of changes, including written instructions for implementing the changes.
- Conducts compliance survey and participates in the auditing activities for the information technology infrastructure for the National Indemnity and Berkshire Hathaway Homestate groups of insurance companies. Acts as primary technology compliance liaison with the internal and external auditors and IT consultants. Summarizes recommendations and conclusions for IT Director, VP Business Development and Technology, and senior management.
- Assists with market conduct exams and similar state insurance department inquiries pertaining to technology by answering questions and discussing issues.
- Communicates with other Berkshire Hathaway insurance operations as necessary to share regulatory compliance knowledge, compare compliance approaches, and help with technology compliance matters.
- Trains Company personnel on information technology compliance policies, procedures, change control standards, network security standards, and awareness of disaster recovery procedures.
- Performs other duties as directed or as situation dictates.
Qualifications
Required Knowledge:
- Bachelor degree in information systems, management information systems, IT management or other IT degree (engineering, math, and science degrees are acceptable substitute degrees)
- 3-5 years related work experience
- Experience with Information Technology
- Must have strong forensic, troubleshooting, and problem solving abilities and interpersonal skills to work through issues with various teams
- Excellent oral and written communication skills, both internal and external to the Company
Preferred Knowledge:
- Insurance related background
- One of the following certifications:
- Certified in Risk and Information Systems Control (CRISC)
- Certified in the Governance of Enterprise IT (CGEIT)
- Project Management Institute-Risk Management Professional (PMI-RMP)
- ITIL Expert
- Certification in Risk Management Assurance (CRMA)
- GRC Professional (GRCP)
- Certified Information System Auditor (CISA)