IT Compliance Manager
Crum & Forster Company Overview:
Crum & Forster (C&F), with a proud history dating to 1822, provides specialty and standard commercial lines insurance products through our admitted and surplus lines insurance companies. Approaching $4 billion in written premium as of 2021, C&F enjoys an “A” (Excellent) financial strength rating by A.M. Best.
C&F is part of Fairfax Financial Holdings, a global organization with $23.8 billion in revenue as of 2021.
Crum & Forster Services India (CFSI) is an India subsidiary of Crum & Forster Inc. The objective is to provide digital and IT services to C&F business units by creating autonomous squads focused on a specific product or a business team.
For more information about Crum & Forster, please visit our website: www.cfins.com.
Job Description:
The position
The Manager in Change Management is responsible for overseeing and managing changes to information systems, processes, and technologies to ensure compliance with Change Management best practices as well as adherence to SOX regulations and Security controls. This role requires a strong understanding of change management principles, SOX requirements, and CIS controls, along with the ability to collaborate with cross-functional teams to implement effective change controls.
Key Responsibilities:
- Change Management Policies, Procedures and Tools:
  - Lead the development, implementation, and maintenance of change management policies and procedures to ensure compliance with SOX and Cyber Security controls.
  - Collect, assess and/or document current change control procedures and tools used by different divisions, teams and projects for application source code, tool, component, network and infrastructure changes.
  - Collect/document Change Management Flow, Roles and Responsibilities, Source Code and Deployment Tools and Approval processes based on the type of change.
  - Identify and document gaps in current change control procedures and tools used by divisions, teams and projects. Recommend short- and long-term resolutions to change control gaps.
  - Help implement short-term solutions to fill gaps in change management procedures and tools.
  - Act as compliance representative for the strategic evaluation and implementation of a new change control tool and process for the corporation as a whole.
- Change Monitoring and Control:
  - Enforce the maintenance of accurate and up-to-date documentation related to change management activities, including change requests, approvals, and implementation details.
  - Establish and run a cross-functional Change Control Review Board to review and coordinate changes.
  - Assess proposed changes to information systems, applications, and infrastructure to identify potential impacts on SOX compliance and Cyber Security, as well as impact on other teams and applications. Implement corrective actions, if needed.
  - Work closely with IT teams and other stakeholders to ensure effective communication and coordination of change management activities, and to ensure that changes follow the required Cyber and compliance security reviews and controls.
  - Maintain, and/or enforce the maintenance of, a list of approved third-party software, components, libraries, etc. Ensure that new third-party software, components and libraries have been appropriately reviewed and approved.
- Compliance:
  - Generate regular reports on change management activities, SOX compliance status, and adherence to CIS controls.
  - Conduct regular assessments and collaborate with internal and external auditors to ensure that change management processes align with SOX requirements, such as documentation, testing, approvals, divisions of responsibilities, backup and backout requirements, etc.
  - Work with Cyber Security team to ensure that changes have gone through the proper secure architecture reviews, threat assessments and data protection controls.
  - Provide guidance and training to staff on compliance requirements related to change management.
  - Implement and manage controls based on CIS best practices to enhance the security posture of information systems.
- Continuous Improvement and mentoring:
  - Identify opportunities for process improvement in change management and compliance processes.
  - Identify and implement existing tool updates to support the change management process. Support the long-term change management solution definition and implementation.
  - Stay abreast of industry trends, best practices, and regulatory changes.
  - Mentor and coach junior resources on Compliance controls and Technologies we use as part of Compliance controls.
What are we looking for?
Required Knowledge and Skills:
- Bachelor's degree in Information Technology, Business, or a related field. Relevant certifications (e.g., CISA, CISSP) are a plus.
- Knowledge of, and/or certification in, ITIL and Change Management is a plus.
- Proven experience in change management and security change controls.
- Knowledge of Sarbanes-Oxley Act regulations and requirements.
- Familiarity with CIS Controls and other cybersecurity frameworks.
- Experience:
  - Minimum 8 years of experience in change management.
  - Knowledge of SOX and CIS controls, as well as regulatory requirements like NYDFS.
  - Previous experience in a role involving IT compliance with regulatory frameworks.
- Skills:
  - Effective communication and interpersonal skills.
  - Strong analytical and problem-solving skills.
  - Project management experience is a plus.
  - Ability to work independently and collaboratively in a fast-paced environment.
- Tools:
  - Familiarity with source control and deployment tools, change management tools and systems.
  - Knowledge of the factors that affect a change's impact on security.
  - Jira, Confluence
  - Familiarity with well-known cloud platforms – AWS, Azure and GCP.
What C&F will bring to you:
Great Place to Work