Senior IT Controls Engineer

Rivian is looking for a skillful IT Controls Engineer to join the Enterprise Cybersecurity team. The candidate will be excited by the challenge of working for a hyper-growth company influencing Application and IT Owners, and their executive sponsors. The IT Controls Engineer will act to influence change via actionable recommendations and remediation support effectively "moving the needle" of our ITGC/SOX maturity posture, while promoting risk-based decisions balancing cost to benefit, in establishing an effective ecosystem of IT controls.

Specific areas of focus include, but are not limited to, IT governance, IT general controls, Segregation of duties (including cross-application), Access controls, Change Management controls, Security Operation controls, Identity and Data lifecycle management.

Responsibilities:

• Partner with business process/programs and control owners to design, update, or enhance processes and systematic controls, providing expertise to identify opportunities
• Identify and evaluate in scope controls and recommend ways to evidence and optimize control efficacy through automation
• Collaborate on the evaluation of deficiencies noted in testing, both by internal SOX team and external audit
• Coordinate with Stakeholders to ensure controls are designed to scale seamlessly with known upstream and downstream dependencies
• Lead control testing activities for the design and effectiveness of ITGC/SOX controls for a growing inventory of applications
• Manage consultants, vendor services, and lead scoping efforts as required
• Consult on new business initiatives, system acquisitions, and potential ITGC control implications to assess when changes to internal controls are required
• Utilize IT controls knowledge in combination with audit experience to support other regulatory frameworks (ISO, PCI), in a backup capacity
• Develop dynamic compliance monitoring capabilities to support real time remediation
• Support implementation, administration, and automation of the new GRC platform
• Review vendor software and contractor onboarding assessments

Qualifications:

• BS/BA degree in Information Technology, Risk Management, Business or equivalent experience
• 5-7 years of relevant public and/or private industry experience in IT and Finance SOX compliance
• Demonstrable expert knowledge of ERP IT control design, implementation, and testing
• Knowledge, skills, and expertise in the specialized field of ITGC/SOX control testing including, but not limited to, IT governance, IT general controls, IT project management, IT infrastructure management, software development lifecycle, ERP audits, application security, emerging information security and cybersecurity risk, cloud architecture and controls related to applications hosted in the cloud, data lifecycle management, data privacy, disaster recovery and business continuity, and other technology risks, and as well as IT infrastructure including databases, networks, and operating systems
• Comprehensive knowledge and experience in developing IT and IS risk-based audit work programs and performing risk-based auditing with strong project management skills required
• Ability to work at all levels of organizations, as well as to develop and to maintain effective working relationships with others, to include senior management and Executive Leadership
• High ethical standards with ability to handle confidential / sensitive issues and information with the highest degree of professional responsibility
• Knowledge of process flow mapping, design and documentation of business process and general information technology controls, controls testing, evaluation of control deficiencies, and remediation plans required
• Ability to multitask, prioritize, and manage projects/tasks in a fast-paced environment
• Strong proficiency in the Microsoft Office Suite of products (especially Word, Excel, PowerPoint).
• Excellent communication skills (both verbal and written)
• Ability to identify IT Risk in real time, documenting concise, clear, and actionable gap analysis with a high level of accuracy
• Excellent time management skills, with the ability to manage competing priorities in a sustainable manner
• Excellent attention to detail, always exhibiting a "measure twice, cut once" mentality
• Ability to objectively substantiate, with evidence, written findings and recommendations to a wide variety partner within 48 hours of request
• Exhibitable knowledge of Identity Access Management (IAM), Privileged Access Management (PAM), Transient Access Management (TAM)
• Proven track record of maturing ITSM via workflow design, requirement mapping, and standard operating procedures (SOPs) development support
• Strong compression of the "joiner, mover, leaver" lifecycle
•  

Preferred:

• Knowledge of IT controls frameworks (NIST, ISO 27001, COBIT)
• Certifications: CISA, CIPT, CISM, CRISC, CISSP, CIA
• Experience working with:
  • Cloud Service Providers
  • IT Risk Management Systems
  • Automated Collaboration Tools
  • ERP Systems
• Experience working in SaaS, Payments Services, Fintech or Manufacturing Industries
• Experience managing IT Risk operations, schedules and agendas, triage from registration to evaluation stages etc.
• Knowledge of privacy laws and regulations (GDPR, CCPA, CPRA)
•