Loading...
Share this Job

Specialist, IT Security & Compliance

Date:  Jan 8, 2021
Location: 

Denver, CO, US (United States)

Founded in 1921 and publicly traded since 1925, Newmont (www.newmont.com) is one of the largest gold companies in the world. Headquartered in Denver, Colorado, the company has approximately 24,000 employees and contractors, with the majority working at Newmont's core operations in the United States, Australia, Ghana, Peru and Suriname. Newmont is the only gold company listed in the S&P 500 index and in 2007 became the first gold company selected to be part of the Dow Jones Sustainability World Index. Newmont's industry leading performance is reflected through high standards in environmental management, health and safety for its employees and creating value and opportunity for host communities and shareholders.

About this role

This role is responsible for executing the information technology compliance strategy and managing security and compliance controls, policies, procedures, and processes across the IT landscape. This role will support audit and compliance activities, provide oversight of compliance controls for the business, define and enforce security and compliance policies and regulatory requirements. This role will support company security and compliance controls and policies by thorough implementation and ongoing support and maintenance.

In this role you will

Information Technology  Compliance

  • Updates and performs the necessary gap analysis; creates and maintains various internal and external audit and compliance schedules for Information Technology.
  • Reviews, documents, evaluates, and tests manual and automated computer controls throughout the corporate IT environment; develops and implements testing methodologies for application development, IT infrastructure, security, and availability; designs and executes compliance tests for IT systems and coordinates required remediation.
  • Act as coach, mentor, and trainer of others in security and compliance. 
  • Orchestrate multiple personnel across multiple disciplines with varying responsibilities and accountabilities to meeting a shared objective.
  • Detailed tracking of multiple concurrent action plans which are accountable to personnel outside your immediate span of reporting relationships. 
  • Conducts risk assessments on business and operational processes, procedures, and policies; interprets audit results and makes conclusions on the adequacy and reliability of controls; prepares and presents reports as necessary
  • Prioritizes and controls projects based on the severity of risk and non-compliance; communicates control strengths and weaknesses to internal audit and compliance and collaborates with internal audit to develop migration plans.
  • Applies COBIT5, COSO, ISO 27001, ITILv3, and/or NIST frameworks to documentation and remediation efforts; provides guidance to IT in the reengineering of processes and procedures in need of remediation; conducts gap analysis via testing and recommends specific actions to fix gaps.
  • Designs and enhances internal controls such as segregation of duties, production change management, software management, security, incident handling, and transmission integrity; assists the internal audit team and serves as a liaison with external auditors to facilitate auditing process.
  • Conducts audit/compliance assessments to ensure ongoing evaluation and validation of IT control effectiveness
  • Support project deployments that impact/affect SAP security and user/role governance.
  • Recommending and developing security measures to protect information against unauthorized modification or loss
  • Management of SOX requirements
  • Ability to troubleshoot complex risk, control, and exception processes
  • Ability to read and understand SOC reports
  • Ability to understand and assess risks related to third party vendors.

 

The above duties and responsibilities are representative of the nature and level of work assigned and are not necessarily all-inclusive.

.

Your Training, Skills & Experience Checklist

Degree in Management Information Systems, Computer Science, Computer Information Systems or similar degree.
Preferred certifications: CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional),  CGEIT (Certified in the Governance of Enterprise IT)

 

Required Experience:

  • IT Security, Compliance, and Risk Management experience 
  • Enterprise level SOX compliance requirements and testing approaches
  • Proven experience working closely with the applications team to resolve security and compliance issues for SAP and other application environments.
  • Excellent communications skills across all levels of the workforce and experience working in a heavily interfaced environment, and able to demonstrate working knowledge and skills of the main elements of customizing and user administration.
  • Able to operate as a highly independent worker and as part of a strong team with a collaborative approach.
  • Proven ability to work under stress in emergencies with the flexibility to handle multiple high-pressure situations simultaneously
  • Ability to communicate highly complex technical information clearly and articulately for all levels and audiences
  • Ability to manage tasks independently and take ownership of responsibilities
  • Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles including vendors and IT-business personnel

 

Requested Experience:

  • Experience with SAP Application Security, ECC, GRC, and Hana functional technical components
  • SOC report development experience.
  • Experience working and managing vendor performance and service level agreements
  • Able to demonstrate a high degree of credibility and influence senior stakeholders within the organization
  • Ability to adapt to a rapidly changing environment and quickly identify new trends and industry changes specific to security and advanced cyberattacks
  • High critical thinking skills required to evaluate complex, multi-sourced intelligence information, analyze and confirm root cause, an independently, or at times with the assistance of a Senior IT Threat Analysts or third-party vendor, identify mitigation alternatives and solutions that safeguard our technical environment
  • Functional expertise in Active Directory, LINUX, SAP Hana, Azure, Amazon Web Services, and Google Cloud preferred.
     

Working Conditions and Location

 

  • The position is located in the Denver corporate office.
  • Position may be required to travel to, and assist other domestic and international sites. 
     

 

The salary range offered for this role is $85,140 to 108,790. The salary range is tied to the Colorado market for jobs performed in Colorado. The salary offer to the successful candidate will be based on job-related education, training, and/or experience.  The salary offer will not be based on a candidate’s salary history at other jobs, and by law, Newmont will not seek information about salary history, and candidates should not share such information with Newmont.   

This role will be eligible for participation in a discretionary annual bonus program, pursuant to which an employee may be awarded a percentage of their salary based on the company’s performance and their own individual performance. 

Newmont offers a competitive and inclusive benefits package to support physical, mental, financial and emotional wellbeing. This role will be eligible for the following benefits:  Medical, prescription drug, dental, and vision insurance; flexible spending accounts; health savings accounts; life and accidental death and dismemberment insurance; short and long-term disability; 401(k) program with company match; pension; financial planning; employee assistance program (EAP); adoption assistance; dependent scholarship program; tuition reimbursement; paid holidays and paid time off; paid family leave; matching gifts; and discounts on home, auto and pet insurance.  All bonuses and benefits are subject to the applicable eligibility and program/plan terms and may be modified or terminated at Newmont’s sole discretion.


Nearest Major Market: Denver