CRH

Manager, IT Risk & Internal Controls and Compliance

Posted: 12 hours ago

Job Description

Job ID: 516873

CRH's Americas Materials division is the leading integrated supplier of aggregates, asphalt, ready mixed concrete and paving and construction services in North America. Our operations span North America with over 29,000 employees at close to 1,660 locations in 45 US States and 2 Canadian provinces.

Position Overview

CRH Americas Materials is currently recruiting for the position of Manager, IT Risk & Internal Controls and Compliance based in Atlanta, GA. The successful candidate will have a deep understanding of IT security frameworks, risk management and compliance standards and will work collaboratively with cross-functional teams to ensure alignment with business objectives and regulatory requirements. As a Manager, IT Risk & Internal Controls and Compliance, in the Financial Risks Controls and Compliance organization, you will be responsible for developing and managing policies, leading risk assessments, overseeing audits, and driving the effectiveness of IT and security controls in line with the company's standards. You will also provide subject matter expertise and technical guidance to technology-aligned process owners, ensuring that the implemented controls are operating effectively and in compliance with regulatory, legal and industry standards.

This includes but is not limited to:

  • Supporting the Compliance function for the ongoing SAP transformation and managing the SAP GRC platform
  • Working collaboratively across the business and project teams to ensure a robust control environment is adopted

Key Responsibilities (Essential Duties and Functions)

The key responsibilities described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

Risk Management, Internal Control and SOX Compliance

  • Develop and maintain IT security policies and procedures to ensure compliance with applicable laws and regulations
  • Lead IT risk assessments and maintain the risk register
  • Design, implement and maintain a comprehensive IT governance framework that aligns with industry best practices (ISO 27001, NIST, COBIT)
  • Monitor compliance with internal policies and external regulations and prepare audits and assessments
  • Assist in evaluating risks and identifying controls for the ongoing ERP transformation
  • Assist in risk owner responsibilities and in evaluating the segregation of duties for access management
  • Monitor emerging risks in IT compliance, including cybersecurity threats that could impact SOX controls

Stakeholder management, communication and influencing skills

  • Ensure clear, timely and efficient communication channels exist to provide status updates, identify and resolve issues, and report on any other matters as needed
  • Build relationships with key internal stakeholders and promote the function of a trusted partner

Change and transformation

  • Identify opportunities to make the compliance process more effective and efficient through data analytics and continuous monitoring
  • Apply knowledge of risk and controls best practices to promote transformational activities
  • Drive the SOX compliance function to move beyond SOX compliance by adding value across the end-to-end financial reporting controls process
  • Engage with relevant external stakeholders to align and optimize work practices

People / Overall Management

  • Create a climate where people are motivated to collaborate with Compliance to help achieve the organization's compliance objectives

Qualifications

Education/Experience & Certifications

  • 6+ years of relevant experience, including IT SOX, IT audit, or risk management at a public company or Big 4/public accounting firm
  • Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Security Controls (CRISC) or equivalent qualification and other IT risk and controls experience
  • Bachelor's degree in Information Systems, Accounting, Finance or related field

Functional Skills:

  • Strong understanding of SOX 404, COSO, COBIT, and PCAOB standards
  • Experience designing, implementing, and maintaining a comprehensive IT governance framework, policies and procedures that align with industry best practices (e.g., ISO 27001, NIST, COBIT) and comply with applicable laws and regulations
  • Proficient with SAP GRC modules Access Risk Analysis (ARA) and Emergency Access Management (EAM) and/or other similar automated provisioning GRC tools
  • Experience with identifying and assessing ITGCs, application and interface controls, key reports, and SOC reports
  • Strong interpersonal and organizational influencing skills
  • Ability to communicate in a simple, articulate, thoughtful manner to varying audiences
  • Innovative spirit to work cross-functionally in developing improvement ideas
  • Conflict management and negotiation skills
  • A pleasant, likeable manner while accomplishing challenging results
  • Expertise in identifying and implementing best practice:
      • When developing a framework and process for ongoing design
      • Implementing operational effectiveness and testing of key controls
      • Creating key IT process and data flow maps to identify control weaknesses
      • Creating risks and control matrices (RCMs)
  • Experience with project management, including working within complex business environments for multi-national organizations, collaborating and partnering with both internal auditors and external auditors
  • Advanced problem-solving experience involving leading teams in identifying, researching, and coordinating the resources necessary to effectively troubleshoot/diagnose complex project issues; prior success extracting/translating findings into alternatives/solutions; and identifying risks/impacts and schedule adjustments to facilitate management decision-making
  • Comfortable navigating complex IT environments, including ERP systems, cloud platforms, and cybersecurity frameworks
  • Familiarity with ERP systems (e.g., SAP, M3, Oracle Cloud, NetSuite, PeopleSoft)
  • Ability to translate complex IT and control concepts into business-friendly language
  • Excellent stakeholder management skills. Ability to cultivate and maintain solid relationships with key stakeholders across organizational teams and third-party suppliers
  • Previous change and transformation experience, preferably at a managerial level

Work Requirements

  • Atlanta based position. Hybrid mix of onsite and remote working.
  • Must have expert proficiency in Microsoft Word, Excel, PowerPoint, Data and Analytic Tools (e.g., Tableau, Power BI, Alteryx, etc.) and Outlook
  • Must be 18 years old or older
  • Must pass pre-employment drug screen and criminal background check
  • Strict adherence to safety requirements and procedures as outlined in the Employee Handbook
  • Willingness to work independently within a team environment and other duties as required
  • Moderate travel required
  • SAP experience preferred

What CRH Offers You

  • Highly competitive base pay
  • Comprehensive medical, dental and disability benefits programs
  • Group retirement savings program
  • Health and wellness programs
  • An inclusive culture that values opportunity for growth, development, and internal promotion

About CRH

CRH has a long and proud heritage. We are a collection of hundreds of family businesses, regional companies and large enterprises that together form the CRH family. CRH operates in a decentralized, diversified structure that allows you to work in a small company environment while having the career opportunities of a large international organization.

If you're up for a rewarding challenge, we invite you to take the first step and apply today! Once you click apply now, you will be brought to our official employment application. Please complete your online profile and it will be sent to the hiring manager. Our system allows you to view and track your status 24 hours a day. Thank you for your interest!

CRH Americas Materials Inc. is an Affirmative Action and Equal Opportunity Employer.

EOE/Vet/Disability

CRH is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, status as a protected veteran or any other characteristic protected under applicable federal, state, or local law.
