Manager, IT Risk & Internal Controls and Compliance

Job ID:  516873

CRH's Americas Materials division is the leading integrated supplier of aggregates, asphalt, ready mixed concrete and paving and construction services in North America. Our operations span North America with over 29,000 employees at close to 1,660 locations in 45 US States and 2 Canadian provinces.

Position Overview

CRH Americas Materials is currently recruiting for the position of Manager, IT Risk & Internal Controls and Compliance based in Atlanta, GA. The successful candidate will have a deep understanding of IT security frameworks, risk management and compliance standards and will work collaboratively with cross-functional teams to ensure alignment with business objectives and regulatory requirements. As a Manager, IT Risk & Internal Controls and Compliance, in the Financial Risks Controls and Compliance organization you will be responsible for developing/managing policies, leading risk assessments, overseeing audits, and drive the effectiveness of IT and security controls in line with company’s standards. You will also provide subject matter expertise and technical guidance to technology – aligned process owners, ensuring that the implemented controls are operating effectively and in compliance with regulatory, legal and industry standards.  

This includes but is not limited to:

• Support the Compliance function for ongoing SAP transformation and managing the SAP GRC platform
• Working collaboratively across the business and project teams to ensure a robust control environment is adopted.

Key Responsibilities (Essential Duties and Functions)

The key responsibilities described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

 Risk Management, Internal Control and SOX Compliance

• Develop and maintain IT security policies and procedures to ensure compliance with applicable laws and regulations
• Lead IT risk assessments and maintain the risk register
• Design, implement and maintain a comprehensive IT governance framework that aligns with industry’s best practices (ISO 27001, NIST, COBIT)
• Monitoring compliance with internal policies and external regulations and preparing audits and assessments.
• Assist in evaluating risks and identifying controls for ongoing ERP transformation
• Assist in risk owner responsibilities and evaluating the segregation of duties for access management.
• Monitor emerging risks in IT compliance, including cybersecurity threats that could impact SOX controls.

Stakeholder management, communication and influencing skills

• Ensure clear, timely and efficient communication channels exist to provide status updates, identify, and resolve issues and report on any other matters as needed
• Build relationships with key internal stakeholders and promote the function of a trusted partner

Change and transformation 

• Identify opportunities to make the compliance process more effective and efficient through data analytics and continuous monitoring
• Apply knowledge of risk and controls best practices to promote transformational activities
• Drive the SOX compliance function to move beyond SOX compliance by adding value across the end-to-end financial reporting controls process
• Engage with relevant external stakeholders to align and optimize work practices

People / Overall Management

• Create a climate where people are motivated to collaborate with Compliance to help achieve the organization’s compliance objectives

Qualifications

Education/Experience & Certifications

• 6+ years of relevant experience, including IT SOX, IT audit, or risk management at a public company or Big 4/public accounting firm.
• Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Security Controls (CRISC) or equivalent qualification and other IT risk and controls experience. 
• Bachelor’s degree in information systems, Accounting, Finance or related field

Functional Skills:

• Strong understanding of SOX 404, COSO, COBIT, and PCAOB standards.
• Experience designing, implementing, and maintaining a comprehensive IT governance framework, policies and procedures that aligns with industry best practices (e.g., ISO 27001, NIST, COBIT) and compliance with applicable laws and regulations
• Proficient with SAP GRC modules Access Risk Analysis (ARA) and Emergency Access Management (EAM) and/or other similar automated provisioning GRC tools
• Experience with identifying and assessing ITGCs, application and interface controls, key reports, and SOC reports.
• Strong interpersonal and organizational influencing skills
  • Ability to communicate in a simple, articulate, thoughtful manner to varying audiences
  • Innovative spirit to work cross-functionally in developing improvement ideas
  • Conflict management and negotiation skills
  • A pleasant, likeable manner while accomplishing challenging results
• Expertise in identifying and implementing best practice:
  • When developing a framework and process for ongoing design
  • Implementing operational effectiveness and testing of key controls
  • Creating key IT process and data flow maps to identify control weaknesses
  • Creating risks and control matrices (RCMs)
• Experience with project management including working within complex business environments for multi-national organizations collaborating and partnering with both with Internal auditors and External auditors
• Advanced problem-solving experience involving leading teams in identifying, researching, and coordinating the resources necessary to effectively troubleshoot/diagnose complex project issues; prior success extracting/translating findings into alternatives/solutions; and identifying risks/impacts and schedule adjustments to facilitate management decision-making.
• Comfortable navigating complex IT environments, including ERP systems, cloud platforms, and cybersecurity frameworks
• Familiarity with ERP systems (e.g., SAP, M3, Oracle Cloud, NetSuite, PeopleSoft).
• Ability to translate complex IT and control concepts into business-friendly language.
• Excellent stakeholder management skills. Ability to cultivate and maintain solid relationships with key stakeholders across organizational teams and third-party suppliers
• Previous change and transformation experience, preferably at a managerial level

Work Requirements

• Atlanta based position.  Hybrid mix of onsite and remote working.
• Must have expert proficiency in Microsoft Word, Excel, PowerPoint, Data and Analytic Tools (i.e., Tableau, Power BI, Alteryx, etc.,) and Outlook
• Must be 18 years old or older
• Must pass pre-employment drug screen and criminal background check
• Strict adherence to safety requirements and procedures as outlined in the Employee Handbook
• Willingness to work independently within a team environment and other duties as required
• Moderate travel required
• SAP experience preferred

What CRH Offers You

• Highly competitive base pay
• Comprehensive medical, dental and disability benefits programs
• Group retirement savings program
• Health and wellness programs
• An inclusive culture that values opportunity for growth, development, and internal promotion

About CRH

CRH has a long and proud heritage. We are a collection of hundreds of family businesses, regional companies and large enterprises that together form the CRH family. CRH operates in a decentralized, diversified structure that allows you to work in a small company environment while having the career opportunities of a large international organization.

If you’re up for a rewarding challenge, we invite you to take the first step and apply today! Once you click apply now, you will be brought to our official employment application. Please complete your online profile and it will be sent to the hiring manager. Our system allows you to view and track your status 24 hours a day. Thank you for your interest!

CRH Americas Materials Inc. is an Affirmative Action and Equal Opportunity Employer.

EOE/Vet/Disability