Job Description
Aquarian
Aquarian is a diversified global holding company with a strategic portfolio of insurance and asset management solutions.
After launching in 2017, Aquarian finalized its first investment in 2018. Since then, Aquarian has grown to over $22.8B in assets under management. Aquarian Insurance acquires and operates companies providing retirement income and reinsurance solutions for millions of people. Aquarian Investments deploys capital into opportunities that yield attractive risk-adjusted returns with downside protection for its clients.
Aquarian's approach combines a wide and holistic view of the investment landscape with incisive decision-making and deep investing acumen. The company invests across the capital structure and creates tailored financing solutions that enable high-quality companies to grow and evolve.
Aquarian is an ideal environment for those driven to make a lasting impact on long-term investing. We value diverse perspectives and believe aligning employee incentives with the firm's performance is essential to the business's success. We offer people an opportunity to build together and be a part of something bigger than themselves.
Position Overview
We are seeking a diligent and detail-oriented IT Compliance Specialist to join our team. This role is crucial in ensuring that our information technology systems, processes, and data handling practices adhere to relevant laws, regulations, industry standards, and internal policies.
You will play a key role in supporting IT audits, assessing risks, developing compliance documentation, developing and implementing a framework of controls, and fostering a culture of compliance within the IT department. This is an excellent opportunity for an individual with a foundational understanding of IT and a strong interest in regulatory frameworks and cybersecurity to grow their career in a critical and evolving field.
Responsibilities
- Development and implementation of a unified control framework:
  - Review the regulations that guide the company and different subsidiaries and map requirements into a unified and reputable control framework.
  - Liaise with the different IT areas to coordinate and collaborate on the implementation of controls.
- Policy & Procedure Adherence:
  - Assist in the development, review, and maintenance of IT policies, standards, and procedures to ensure alignment with legal, regulatory, and industry compliance requirements.
  - Help communicate compliance requirements to IT teams and monitor adherence to established guidelines.
- Audit & Assurance Support:
  - Support internal and external IT audits by gathering documentation, providing evidence, and coordinating with auditors.
  - Track and monitor remediation efforts for identified audit findings and control deficiencies.
  - Assist in preparing audit reports and presentations for management.
- Risk Assessment & Management:
  - Participate in IT risk assessments to identify potential compliance gaps and vulnerabilities within systems and processes.
  - Help maintain a register of IT risks and track mitigation activities.
- Compliance Monitoring & Reporting:
  - Conduct regular reviews and checks to ensure ongoing compliance with specific regulations (e.g., data protection laws, financial industry regulations relevant to Bermuda, internal controls).
  - Assist in preparing compliance reports and metrics for management and regulatory bodies.
- Data Governance & Privacy:
  - Support initiatives related to data privacy and protection, ensuring IT systems handle sensitive information in accordance with relevant regulations (e.g., GDPR, local privacy acts).
  - Assist in managing data retention policies and data access controls from a compliance perspective.
- Awareness & Training:
  - Help develop and deliver training materials to IT staff on compliance-related topics, policies, and best practices.
  - Promote a strong culture of compliance and security awareness within the IT department.
- Incident Response Involvement:
  - Collaborate with IT security and operations teams during security incidents or breaches to ensure compliance implications are addressed and documented appropriately.
Qualifications
- Education: Bachelor's degree in Information Technology, Computer Science, Business Administration, Legal Studies, or a related field, or equivalent practical experience.
- Experience:
  - 3-5 years of experience in an IT, audit, risk management, or compliance-focused role.
  - Foundational understanding of IT infrastructure, systems, and common applications.
  - Experience mapping requirements from different regulations into a unified framework of controls.
  - Familiarity with general IT security concepts.
- Technical Knowledge & Frameworks:
  - Basic knowledge of common IT governance and compliance frameworks (e.g., ISO 27001, NIST, COBIT, SOX).
  - Familiarity with the cybersecurity and IT sections of SEC, Investment Advisers Act of 1940, FINRA, GLBA, NAIC, 23 NYCRR 500, and HB-474.
  - Understanding of data privacy principles and relevant regulations (e.g., GDPR, or local Bermuda data protection acts).
  - Familiarity with IT general controls (ITGCs).
Preferred Certifications (or willingness to obtain within 12-18 months)
- Certified in Risk and Information Systems Control (CRISC) - Entry-level
- Certified Information Systems Auditor (CISA) - Entry-level