US LBM is one of the leading and fastest-growing distributors of specialty building materials in the United States, with a team of over 8,000 employees located throughout the country. Since our founding in 2009, we have acquired over 30 companies and have expanded to more than 260 locations serving 32 states. US LBM is a progressive organization that promotes a unique culture focused on the value of its customers and associates. Developing our people is critical to our strategy and to fostering our culture of empowerment.
Things you should know about working at US LBM:
- We are all about teamwork! All positions are hands on and we band together when necessary.
- We support each other. We have local and corporate team members to help you along the way and partner on projects as appropriate.
- We have a relaxed atmosphere; this is not a suit-and-tie environment.
- We work hard. We are a continuous improvement driven organization and we are focused on keeping organized and on task.
How you will spend your days as an IT Controls and Compliance Manager:
- Play an active role in strengthening the IT Controls environment across US LBM by defining and enforcing policies, standards, and procedures within IT
- Lead the development and enhancement of IT controls across the organization and manage adherence to regulatory requirements and internal policies
- Lead the implementation and management of the IT GRC and CSA program
- Identify and validate key controls by working with various teams
- Work closely with internal audit on SOX risk assessments, scoping, documentation, and testing programs in accordance with COSO and COBIT frameworks
- Author, revise and maintain IT Compliance policies, procedures, and standards
- Measure and report IT compliance performance
- Ensure proper accounting of SOX documentation for IT to include Risk Control, process narratives, testing, issue evaluation, and reporting
- Coordinate the review of SaaS applications' SOC 1 reports and follow up on Complementary User Entity Controls or other compensating controls
- Review and oversee compliance-related procedures and documentation, and sign off on the IT incident and change management processes
- Lead PCI Data Security Standard compliance assessment and remediation
- Lead the Change Advisory Board
- Educate and mentor technical teams on ITGCs and compliance, and facilitate embedding compliant practices
- Partner with the legal and internal audit teams to facilitate compliance with privacy and data protection laws (e.g. CCPA)
- Facilitate any IT Controls and Compliance management training requirements
- Health care benefits, starting the first of month after 30 days of employment
- Monday - Friday schedule
- 401(k) with company match
- Closed holidays
- Paid time off
- Employee discount
- We'll support your educational and career goals with our continuous education programs
We want you to join the team if you can check these boxes:
- Demonstrated experience implementing compliance frameworks such as COSO, COBIT, ISO 27001, etc.
- Intimate understanding of SOX Compliance requirements and IT General Controls
- Familiarity with a broad range of IT and information security products and technologies, such as identity and access management, vulnerability management, encryption and key management, logging and monitoring, and application security
- Familiarity with cloud and SaaS-based environments and technologies with associated auditing methodologies
- CISA, CISM, CISSP certification strongly preferred
- Possess outstanding presentation and interpersonal skills, including written and oral communication
- Must be a leader and a manager, with the knowledge and experience to "get things done"
- Strong attention to detail, time management and organizational skills
- Must be comfortable working in an evolving, entrepreneurial environment